New SQL Injection Attack Fuses Malware, Phishing 202
Posted
by
kdawson
from the trust-me-just-click-on-it-ok dept.
from the trust-me-just-click-on-it-ok dept.
PainMeds tips a recent post in Secure Computing's research blog describing a new SQL injection attack that had infected thousands of MSSQL-based web servers by last weekend, turning them into malware delivery systems. The attack apparently rewrites the server's Web pages to include JavaScript which pushes malware to the visitor as if it were from the genuine site. Sites using Sybase might possibly be vulnerable, as it uses the same exploited syntax that MSSQL does. The post includes an example of the attack. Unlike most malware attacks, this one appears to originate from the site the user is actually visiting. From the blog: "'Similar to phishing, this attack takes advantage of the website visitor's trust in the site they are visiting. Instead of phishing for information, however, malware is sent to the client, which the client has a higher likelihood of accepting being from a trusted site... These web pages are associated with Web sites from around the world and supplying various content — including government sites, sales sites, real estate sites, and financial information sites among others."
malware + phishing = (Score:4, Funny)
Re:Not really new (Score:1, Funny)
No I didn't see this coming you insensitive clod.. I'm blind.
Re:DELETE FROM USER* (Score:3, Funny)
$conn_id = mysql_connect("microsoft.com") (Score:2, Funny)
Re:Attempts made on our systems... (Score:4, Funny)
The Olympics are trying to hack your webserver?
I wasn't aware that Server CTF was an Olympic sport.
Re:malware + phishing = (Score:3, Funny)
Web Security Consultant / Database Expert Needed (Score:1, Funny)
I saw a post in the "best of" section of craigslist from early July that described the same attack from the article. The victim included some great documentation of the attack: http://www.craigslist.org/about/best/bos/742662737.html
Re:fixes? (Score:3, Funny)
declare holyshit cursor for select name from
sysobjects where xtype='U'
open holyshit
fetch next from holyshit into @wft
WHILE @@FETCH_STATUS = 0
begin select * from @wtf where thehtml like '%code%'
print 'please kill me'
fetch next from holyshit into @wtf
end
close holyshit
deallocate holyshit
Re:Attempts made on our systems... (Score:3, Funny)
In Communist China, the Olympics hacks you!
Re:DELETE FROM USER* (Score:3, Funny)
Re:malware + phishing = (Score:3, Funny)
Well, there are worse composite buzzwords [userfriendly.org]...
Re:DELETE FROM USER* (Score:4, Funny)
Let's see who's laughing when the Political Correctness brigade catch up with the Gregorian Calendar and hold it to task for picking on poor, old February.