

MySQL.com currently Hacked (and serving javascript malware) - sucuri2
http://blog.sucuri.net/2011/09/mysql-com-hacked-javascript-malware.html

======
preinheimer
That's a relief, for a minute there it looked like MySQL had been bought by
Oracle.

------
davidjhall
I needed to access the mysql forums today and Google kept blocking me,
claiming malware. I had almost overrode it thinking that google must be wrong
and am glad I didn't.

Looks like they are still infected --- anyone know of a way to tell if a site
is infected (kind of like a "is it down or just me" ) outside of Google
search?

~~~
ddbbcc
There is a site scanner here: <http://sitecheck.sucuri.net> (free)

~~~
missing_cipher
Scanning "<http://www.mysql.com> returns "Verified Clean"...

~~~
sucuri2
They fixed it..

------
mariuskempe
I visited the site during the affected time on Mac OS X 10.7, with Safari -
I'm worried I might be infected. How can I check?

------
lobo_tuerto
Are Linux users susceptible to these kind of attacks too? In the video the
exploit is presented on a Windows machine.

------
frytaz
[http://blog.armorize.com/2011/09/mysqlcom-hacked-
infecting-v...](http://blog.armorize.com/2011/09/mysqlcom-hacked-infecting-
visitors-with.html)

------
nu2ycombinator
Does anyone understand what that javascript code is doing?

~~~
ddbbcc
It seems to hide an iframe call to <http://falosfax.in/info/in.cgi>?

------
w1ntermute
There has been quite a flurry of open source projects getting hacked as of
late (kernel.org comes to mind, but I think there were 1 or 2 others as well).
Does anyone know if these different hacks are related to each other in any
way?

~~~
itswindy
If you're countryX and want to bring down everything, hacking sites like
mysql, apache, kernel and the likes would do the most damage

~~~
w1ntermute
No doubt, but that doesn't explain why all these sites have suddenly become
vulnerable. Unless someone with unusual hacking capabilities only started
trying recently.

~~~
itswindy
_Unless someone with unusual hacking capabilities only started trying
recently._

'Usual' hackers are probably a step above script kiddies. On the top end you
have state sponsored PHDs

~~~
w1ntermute
I don't see your point. There are no countries that would have only recently
developed an interest in hacking such sites and have the capability to do so.
Clearly you're trying to imply that some country is behind this, so feel free
to just say it out loud instead of being cute about it and wasting everyone's
time.

~~~
itswindy
_Clearly you're trying to imply that some country is behind this, so feel free
to just say it out loud instead of being cute about it and wasting everyone's
time._

It's an internet forum, not a court of law. OK? I am speculating. When someone
does something this big, I tend to think of someone way out there, like those
that tried to hack Google, defense companies etc. For all we know they did to
get the info from one company, steal CC from a million of them, or just have
the option to take million of sites offline. Relax.

------
beaumartinez
Apparently, this is the infected resourse[1], although it's not infected when
(or rather where) I load it.

[1]
[https://www.mysql.com/common/js/s_code_remote.js?ver=2009101...](https://www.mysql.com/common/js/s_code_remote.js?ver=20091011)

~~~
sucuri2
They fixed it.

------
Triumvark
This may be fallout from Google flagging a larger network.

