Users were redirected to a site that attempted to install malware on visitors’ PCs
PC users who used unpatched browsers and plug-ins from MySQL.com that host the open-source MySQL database management system have been infected with mwjs159, The Register reported citing Sucuri blog.
Users visiting the site were redirected to a site that attempted to install malware on visitors’ PCs using code from the Blackhole exploit kit.
The Register quoted Armorize researchers as saying that mwjs159 exploits the visitor’s browsing platform, and upon successful exploitation, permanently installs a piece of malware into the visitor’s machine, without the visitor’s knowledge.
The motive of the hackers in the MySQL.com breach appears to be a less ambitious one as they targeted desktop machines of those who visited the site.
The Sucuri scanner identified the malware as often related to stolen FTP passwords, and thus speculated that one of their developers’ PC got compromised and had his password stolen.