Learning from the MySQL.com hack: How to stop website redirects
Learn how to stop website redirects put in place by malicious hackers, and how to prevent attacks like the MySQL.com hack.
Hackers recently took control of Oracle's MySQL.com and installed JavaScript code on the site that redirected visitors and attacked their systems with a BlackHole exploit kit. Is there any way to prevent websites from automatically redirecting?
In a bold attack earlier this year, malicious attackers were able to plant malware on Oracle Corp.'s MySQL.com website so visitors would become infected simply by visiting the site's homepage. Upon visiting the site, users' browsers were automatically instructed to load JavaScript redirects to third-party URLs that served up dangerous malware.
There are ways to disable or block JavaScript redirects on the client side by using browser plug-ins like NoScript, or you can disable JavaScript in the browser. Potentially, you can also use a more general browser security tool that might be included in a host intrusion-prevention system (HIPS) or antimalware suite to block JavaScript redirects. You could also use a Web proxy and potentially block redirects from the network.
Unfortunately, disabling JavaScript won't entirely stop website redirects like the one used in the MySQL.com hack. A Web server can be configured to redirect webpages by issuing an HTTP 3xx redirect command and sending a browser to a different website. There is even an HTML tag for meta-refreshes that can generate a redirect. However, many popular websites now perform URL shortening, which is a form of redirection, so you may want to evaluate if blocking redirection is worth the effort given the functionality trade-off.
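The three redirect mechanisms named above (HTTP 3xx, meta-refresh and JavaScript) can be told apart in a single response, which is what a Web proxy rule or a log review needs before deciding what to block. The following Python check is an added example, not part of the original article; the function name `find_redirects`, the `.example` hostnames and the simple JavaScript pattern are assumptions, and the pattern only catches plain `location` assignments, not obfuscated script.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Heuristic: matches plain location assignments only, not obfuscated script.
JS_REDIRECT = re.compile(
    r"""location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|location\.(?:replace|assign)\(\s*["']([^"']+)["']""", re.I)
META_URL = re.compile(r"""url\s*=\s*["']?([^"';]+)""", re.I)

class _BodyScanner(HTMLParser):
    """Collects meta-refresh targets and location changes inside <script>."""
    def __init__(self):
        super().__init__()
        self.found, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self._in_script = tag == "script"
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = META_URL.search(a.get("content") or "")
            if m:
                self.found.append(("meta-refresh", m.group(1).strip()))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for m in JS_REDIRECT.finditer(data):
                self.found.append(("javascript", m.group(1) or m.group(2)))

def find_redirects(request_url, status, headers, body=""):
    """Return (mechanism, absolute_target, off_site) for each redirect seen."""
    found = []
    location = {k.lower(): v for k, v in headers.items()}.get("location")
    if 300 <= status < 400 and location:
        found.append(("http-3xx", location))
    scanner = _BodyScanner()
    scanner.feed(body)
    scanner.close()
    found.extend(scanner.found)
    origin = urlsplit(request_url).hostname
    # off_site is True when the target host differs from the requested host.
    return [(mech, urljoin(request_url, raw),
             urlsplit(urljoin(request_url, raw)).hostname != origin)
            for mech, raw in found]
```

The `off_site` flag lets a policy allow same-site redirects while alerting on or blocking only those that leave the requested host, which keeps the functionality trade-off mentioned above smaller.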
If your endpoints are hardened against malware attacks, the minimal information security risk from a website redirect should not significantly increase the number of malware infections.