Please create an account to participate in the Slashdot moderation system


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


+ - New SQL Injection Attack Fuses Malware and Phishin

Submitted by PainMeds
PainMeds (1301879) writes "According to a recent post in Secure Computing's research blog, a new SQL injection attack has infected thousands of MSSQL-based web servers over the weekend, effectively turning them into malware delivery systems. The attack apparently rewrites the server's web pages to include javascript which, in turn, pushes malware to the website visitor as if it were from the genuine website. From the blog, "Similar to phishing, this attack takes advantage of the website visitor's trust in the site they are visiting. Instead of phishing for information, however, malware is sent to the client, which the client has a higher likelihood of accepting being from a trusted site... These web pages are associated with web sites from around the world and supplying various content- including government sites, sales sites, real estate sites, and financial information sites among others." An example of the attack has been included in the post. Unlike most malware attacks, this attack appears to originate from the website the user is actually visiting."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

New SQL Injection Attack Fuses Malware and Phishin

Comments Filter:

"What is wanted is not the will to believe, but the will to find out, which is the exact opposite." -- Bertrand Russell, _Sceptical_Essays_, 1928