Thursday, April 24, 2008

Mass SQL Injection Going On - Over 500,000 web sites infected already

F-Secure reports in its blog that there's ongoing a new wave of attacks in which criminals code has been inserted to web sites. Problem is massive since there are currently over half a million infected websites.

In most web sites it's possible for a site visitor to input text for example thru blog comments, forum discussion boards etc. If this data from the users isn't checked - quite often these checks are missing - the attacker can add in some own attack code. This is what "sql injection" attack is all about.

In this currently ongoing SQL injection attack used code changes some part of web site contained text to links pointing to criminals own sites. "There's a set of files that gets loaded from these sites that attempts to use different exploits to install an online gaming trojan," tells F-Secure. So far the domains used for hosting the malicious content are nmidahena.com, aspder.com and nihaorr1.com. At the moment initial page on all those domains are unaccessible. This could change though.

It's recommended web administrators to check that their sites don't contain this attack code. Now (if not done already) it's also good time to build up some protection to check the data inserted by the users and this way make malicious code insertion impossible.

No comments: