A security firm warned Monday that the website for downloading the popular MySQL open source relational database was infecting PCs via drive-by downloads.
Browsers that visited MySQL.com Monday were immediately injected with a JavaScript executable, which generated an iFrame that redirected to a website hosting the Black Hole crimeware exploit kit. "It exploits the visitor's browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge," according to a blog post written by Wayne Huang, CEO of security firm Armorize, which discovered the attack. "The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection," he said.

The link for this article located at Information Week is no longer available.