Malicious Copy of MySQL Tool Distributed Through SourceForge Mirror

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Malicious Copy of MySQL Tool Distributed Through SourceForge Mirror/

A compromised copy of the MySQL administration tool phpMyAdmin was being
served up via a SourceForge mirror site based in Korea that has since
been taken out of the rotation, officials said.

phpMyAdmin–an administration tool for the MySQL open source database–
was downloaded roughly 400 times before the situation was discovered.
Attackers could use the backdoor hidden in the phpMyAdmin tool to
execute arbitrary commands.

"On September 25th, SourceForge became aware of a corrupted copy of
phpMyAdmin being served from the ‘cdnetworks-kr-1? mirror in Korea,"
according to SourceForge. "This mirror was immediately removed from
rotation. The mirror provider has confirmed the attack vector has been
identified and is limited to their mirror; with [the] exploit having
occurred on or around Sept. 22nd."

The phpMyAdmin project sent direct emails to users who downloaded the
compromised copy that were identified through SourceForge logs,
SourceForge noted.

The phpMyAdmin project classified the vulnerability–which was discovered
by the Tencent Security Response Center–as critical, noting that only
the is known to be affected and
users should check to see if their download contains a file named

One of the most troubling aspects of this is that the application that
was targeted, phpMyAdmin, is one of the most popular applications for
managing MySQL, said Dan Kuykendall, co-CEO and CTO of application
security firm NT OBJECTives.

 "With that exploit installed, it basically allows the bad guy full
access to the person's database server," he said. "That's pretty scary."

Site Timeline