Gargantuan SQL injection infects 3.8 million URLs, installs rogue antivirus
Over the last few days, a mass SQL injection attack has been quickly gathering speed. Just three days ago only 28,000 URLs were affected, but at the time of writing, there could be up to 3.8 million infected URLs.
Websense has a complete write-up of the attack, dubbed 'LizaMoon,' but here's the basic gist: it looks like someone is exploiting a vulnerability (or vulnerabilities) in hundreds of thousands of websites running on Microsoft SQL Server 2003 and 2005. It's not yet known whether this is a vulnerability in SQL Server, or simply a case of outdated, unmaintained, and easily-exploitable CMSes.
The attack takes the form of an SQL injection, which then inserts a link to a JavaScript file hosted on the attacker's server. This is repeated over and over until every Web page in the SQL database has been infected -- and considering 3.8 million URLs have been infected, you can see that this is a very easy, and automated, attack.
Fortunately, the JavaScript isn't particularly malicious: it pops up a rogue AV program called Windows Stability Center, but that's it. Better yet, the rogue antivirus is already recognized by a bunch of real antivirus suites, including Avast, Panda and Microsoft Security Essentials.
The real problem with SQL injection attacks is that there's nothing we surfers can do about them. There will always be old and unmaintained websites, and thus SQL injections will remain one of the easiest and most lucrative tools of hackers and spammers alike. All you can do is keep your antivirus and anti-malware software up to date, and pray.
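Site owners, unlike surfers, can check for the infection described above, since it shows up as a script link stored in the site's own database. The following is an added example, not code from the original article or from Websense: it scans every text column for `<script src>` tags that point at hosts outside an allowlist. SQLite stands in for the site's database server, and the allowlist, table and rows are constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Assumption: the hosts this site legitimately loads scripts from.
ALLOWED_HOSTS = {"www.example.org", "cdn.example.org"}
SCRIPT_SRC = re.compile(r"""<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)

def foreign_script_hosts(text):
    """Return hosts of <script src=...> tags in text that are not allowlisted."""
    hosts = []
    for url in SCRIPT_SRC.findall(text):
        host = urlparse(url).hostname  # None for relative (same-site) URLs
        if host and host not in ALLOWED_HOSTS:
            hosts.append(host)
    return hosts

def quote_ident(name):
    """Quote a table or column name so it can be placed in a statement."""
    return '"' + name.replace('"', '""') + '"'

def scan_database(conn):
    """Return (table, column, rowid, host) for every foreign script tag found."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        for _, column, ctype, *_ in conn.execute(f"PRAGMA table_info({quote_ident(table)})"):
            if not any(t in ctype.upper() for t in ("CHAR", "TEXT", "CLOB")):
                continue  # only text columns can hold page markup
            query = (f"SELECT rowid, {quote_ident(column)} FROM {quote_ident(table)} "
                     f"WHERE {quote_ident(column)} LIKE ?")
            for rowid, value in conn.execute(query, ("%<script%",)):
                for host in foreign_script_hosts(str(value)):
                    findings.append((table, column, rowid, host))
    return findings

def build_sample_db():
    """Constructed data: two clean rows and one row with a foreign script tag."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO articles (title, body) VALUES (?, ?)", [
        ("Welcome", '<p>Hello</p><script src="/js/site.js"></script>'),
        ("News<script src=http://injected.example/x.js></script>", "<p>Story</p>"),
        ("About", '<p>Us</p><SCRIPT SRC="//cdn.example.org/lib.js"></SCRIPT>'),
    ])
    return conn

if __name__ == "__main__":
    for finding in scan_database(build_sample_db()):
        print(finding)
```

A hit in a column that should never contain markup, such as a title, is a strong sign the row was written by an injection rather than by an editor.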

Comments (5)
m0r1arty Apr 1st 2011 5:46AM
Hahaha, Microsoft going for 2 this year on April Fools' Day. First trying to steal the thunder from Google's big day out by supposedly slapping an EU anti-trust lawsuit on them and then pretending to have huge gaps in their systems security thus making Linux seem like a safer option of web hosting. Before the day is through they'll have a deal with Apple signed to stop anyone but Vuze or iPad owners able to listen to music, those jokers!
Dan Larson Apr 1st 2011 8:22AM
"All you can do is keep your antivirus and anti-malware software up to date, and pray."
And, of course, "distrust everyone". NoScript for the win, as it were.
Granted, it's entirely possible that one of the sites I've already marked as safe is now one of the zombie horde, but it's a place to start, at least.
Cj Apr 1st 2011 8:48AM
My site got hit 2 weeks ago because of a breach on MySQL. I was devastated but comforted by finding out I wasn't alone. Hopefully these things will be stopped because it really discouraged me for a time and I felt like dropping all work on my site.
While I'm here, any security tips?
nschonni Apr 1st 2011 10:40AM
There is no such version as "Microsoft SQL Server 2003"
Chris Green Apr 1st 2011 3:01PM
If you are using a database for web and do not sanitize your input data before passing it to the database you are insane. If you are relying on someone else's CMS product and do not keep it patched religiously, you are just as bad if not worse.