Update: mysql.com appears to be clean now (they replaced the script that contained the malicious code).
Popular website mysql.com has been hacked and is serving malware.
Here is the sequence of events viewed from Fiddler (highlighted are the malicious parts):
Here is the compromised version:
The script calls:
(Note the use of the referrer).
falosfax.in is a server whose IP address (184.108.40.206) is located in Germany.
Final delivery is the BlackHole exploit kit itself from: truruhfhqnviaosdpruejeslsuy.cx.cc/main.php
Please use extreme caution and stay clear off mysql.com while they fix the issue.
Leave a reply