List: isn
Subject: [ISN] MySQL Malware Hack Cost Just $3,000
From: InfoSec News <alerts () infosecnews ! org>
Date: 2011-09-28 5:27:37
Message-ID: alpine.DEB.2.02.1109280027260.16489 () infosecnews ! org
http://www.informationweek.com/news/security/attacks/231602232

By Mathew J. Schwartz
InformationWeek
September 27, 2011

A security firm warned Monday that the website for downloading the
popular MySQL open source relational database was infecting PCs via
drive-by downloads.

Browsers that visited MySQL.com Monday were immediately injected with a
JavaScript executable, which generated an iFrame that redirected to a
website hosting the Black Hole crimeware exploit kit. "It exploits the
visitor's browsing platform (the browser, the browser plugins like Adobe
Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation,
permanently installs a piece of malware into the visitor's machine,
without the visitor's knowledge," according to a blog post written by
Wayne Huang, CEO of security firm Armorize, which discovered the attack.
"The visitor doesn't need to click or agree to anything; simply visiting
mysql.com with a vulnerable browsing platform will result in an
infection," he said.

By later on Monday, Oracle--which owns MySQL--had apparently disabled
the attack.

Black Hole, a copy of which can be rented for about $1,500 per year, is
one of the most widely used crimeware toolkits, which are designed to
automate the process of exploiting PCs and harvesting financial data.

"The blackhole exploit pack supports a wide variety of exploits, so the
actual exploit you get served depends on the platform you use for
browsing," said Huang. "The [executable] is run by exploiting the
browser with javascript / flash actionscript / PDF jscript / java
exploit / etc." Furthermore, it can apparently bypass many attack
mitigation technologies, including data execution prevention (DEP).
"Many exploits have the ability to turn DEP off so they'd still work on
Win7," he said.

[...]