SQL injection attacks hit 1.5m websites

14 December 2009

Another 1.5 million websites associated with the newest series of SQL injection attacks have been found by network security specialist eSoft.

The websites compromised by the SQL injection attacks infect users with the Trojan.Buzus trojan, which runs silently in the background. The trojan steals passwords, financial data, and other sensitive information, the eSoft Threat Prevention Team said in a blog post.

The same script is injected several times in and around the title and meta tags, and in other locations. The sites compromised by the SQL injection attacks share the common characteristics of “script src=http” and a varying script source, eSoft said.

Injected domains include the following (the number indicates how many compromised websites eSoft found using Google search):

wgwgg.cn      383 000
a.ll8cc.cn    7040
asa.ss.la     14 300
1.ll8cc.cn    179 000
252a.cn       21 300
Kun0o.cn      1650
65gd.cn       541 000

The domains host the same JavaScript, which uses small or hidden iframes to redirect users to other malicious websites where the final payload is delivered.

According to eSoft, the SQL injection attack uses the same technique described by Scansafe last week in the 318x injection, in which around 300 000 websites were compromised.

eSoft said it is adding detection for the SQL injection attacks and flagging any compromised websites.
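A site owner can check their own pages for the traits described above: an unquoted "script src=http" tag repeated across the page and placed inside the title. The following is an added example, not eSoft's detection logic; the sample page and the host injected.example are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Unquoted external source: the "script src=http" trait the article describes.
# Quoted src attributes are deliberately not matched by this heuristic.
UNQUOTED_SRC = re.compile(r'<script\s+src=(http[^\s>"\']+)', re.I)
TITLE_SPAN = re.compile(r'<title\b[^>]*>(.*?)</title>', re.I | re.S)

# Constructed sample page; injected.example is a placeholder host.
SAMPLE = '''<html><head>
<title>Acme Widgets<script src=http://injected.example/x.js></script></title>
<meta name="description" content="Widgets"><script src=http://injected.example/x.js></script>
<script src="/static/app.js"></script>
<script src="https://cdn.example/lib.js"></script>
</head><body><p>Welcome</p>
<script src=http://injected.example/x.js></script>
</body></html>'''

def scan_page(html):
    """Return {host: {"count": n, "in_title": bool}} for unquoted external scripts."""
    title_spans = [m.span(1) for m in TITLE_SPAN.finditer(html)]
    hits = defaultdict(lambda: {"count": 0, "in_title": False})
    for m in UNQUOTED_SRC.finditer(html):
        # Fall back to the raw value if the URL has no parseable host.
        host = urlsplit(m.group(1)).hostname or m.group(1)
        hits[host]["count"] += 1
        # A script tag inside <title> never occurs in a legitimate page.
        if any(start <= m.start() < end for start, end in title_spans):
            hits[host]["in_title"] = True
    return dict(hits)

def suspicious(html, min_repeats=2):
    """Hosts whose unquoted script is repeated or sits inside <title>."""
    return sorted(host for host, v in scan_page(html).items()
                  if v["count"] >= min_repeats or v["in_title"])

if __name__ == "__main__":
    for host in suspicious(SAMPLE):
        print(host, scan_page(SAMPLE)[host])
```

A hit means the page content, usually a database field rendered into the template, has been modified; removing the tag without fixing the injectable query leaves the site open to reinfection.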
