PainMeds writes "According to a recent post in Secure Computing's research blog, a new SQL injection attack has infected thousands of MSSQL-based web servers over the weekend, effectively turning them into malware delivery systems. The attack apparently rewrites the server's web pages to include javascript which, in turn, pushes malware to the website visitor as if it were from the genuine website. From the blog, "Similar to phishing, this attack takes advantage of the website visitor's trust in the site they are visiting. Instead of phishing for information, however, malware is sent to the client, which the client has a higher likelihood of accepting being from a trusted site... These web pages are associated with web sites from around the world and supplying various content- including government sites, sales sites, real estate sites, and financial information sites among others." An example of the attack has been included in the post. Unlike most malware attacks, this attack appears to originate from the website the user is actually visiting."
This discussion was created for logged-in users only, but now has been archived.
No new comments can be posted.
New SQL Injection Attack Fuses Malware and Phishin 0 Comments More Login /
Get More Comments