Once on that page, the victim’s machine was attacked by the BlackHole exploit kit, which the remote site apparently is hosting, according to Armorize’s research. BlackHole is one of a number of exploit packs that are in wide use right now, and it contains pre-loaded exploits for vulnerabilities in browsers, as well as in common components and plug-ins such as Flash.
“This domain hosts the BlackHole exploit pack. It exploits the visitor’s browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, …), and upon successful exploitation, permanently installs a piece of malware into the visitor’s machine, without the visitor’s knowledge. The visitor doesn’t need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection,” Armorize’s Wayne Huang said in a blog post.
MySQL is a database platform that originally was owned by an independent entity, but was purchased by Sun Microsystems in 2008, and later became part of Oracle when that company bought Sun in 2009.