Web security firm Armorize reported in its blog today that the MySQL.com website has been turned into a launchpad for serving up malware attacks. Visitors to the home page of the site are hit with a JavaScript injection attack that has been planted on the site. The script opens an IFRAME to a malicious site, which in turn launches a BlackHole exploit "pack" that probes for known browser and plugin weaknesses and then stealthily installs malware on the visitor’s PC. There’s no warning button or action required by the user other than visiting the site to trigger the download.
via Ars Technica – Hackers turn MySQL.com into malware launchpad. What the heck is Oracle doing with MySQL? Also, how long would you keep trusting Oracle software with this kind of security failing.