CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
August 8th, 2008

SQL Attacks Still Inject Websites Including Government Sites In US, UK

A new round of SQL injection attacks (most likely by Asprox) has infected millions of web pages belonging to businesses and government agencies, including the National Institutes of Health and the Education Department in the US and UK Trade & Investment. It seems that a lot of the domains involved are still (or again) active, typically using fast flux. The script that is being injected tends to be ngg.js, fgg.js, b.js or js.js. This links to an IP address that is still active.

A simple Google search shows at least 1,470,000 infected pages, some from US and UK government websites that have been hit by the attack. The attack is rather popular and not hard to perform, something that is worrying to know about government-run websites. About 591,000 or so are infected with b.js, which seems to point to inactive domains, so these are unlikely to do damage. The rest are a mixture of active and inactive links.

A quick breakdown by SANS shows the numbers of infected sites:

.gov – 238
.gov.au – 927
.gov.uk – 2,930
.gov.cn – 34,000
.gov.za – 424
.gov.br – 263
.com – 474,000
.org – 79,900
.com.au – 19,500
.co.uk – 19,300
.ca – 13,100

The high number of infected sites points to a couple of issues. First, sites are compromised and nobody notices, and second, sites that are infected are not cleaned up. To check your own website, run the following Google search, replacing domain.com with your own website domain. If this search returns results, you have to clean your website, since it is infecting its visitors:

site:domain.com "script src=http://*/""ngg.js"|"js.js"|"b.js"
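The same check can be run locally against saved page source or exported database text, which also covers pages Google has not indexed. The scanner below is an added example, not part of the original article: the function name, the `own_domain` parameter and the sample HTML are constructed for illustration, and the file names are the four script names reported above.

```python
import re
from urllib.parse import urlparse

# Script file names the article reports being injected.
INJECTED_NAMES = {"ngg.js", "fgg.js", "b.js", "js.js"}

# <script ... src=VALUE>, with VALUE double-quoted, single-quoted or bare.
# The lookbehind keeps attributes such as data-src from matching.
SCRIPT_SRC = re.compile(
    r"""<script\b[^>]*?(?<![\w-])src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""",
    re.IGNORECASE,
)

# Constructed sample page: two legitimate same-site scripts, one CDN script,
# and two injected tags appended to text that came from the database.
SAMPLE = """<html><head>
<script src="/static/js.js"></script>
<script type="text/javascript" src="http://www.example.org/b.js"></script>
</head><body>
<h1>Widgets<script src=http://injected.example.net/ngg.js></script></h1>
<p>Price list<SCRIPT SRC='HTTP://injected.example.net/fgg.js'></SCRIPT></p>
<script src="https://cdn.example.com/jquery.js"></script>
</body></html>"""

def find_injected_scripts(html, own_domain):
    """Return [(line_number, src)] for script tags that load one of the
    reported file names from a host outside own_domain."""
    own = own_domain.lower()
    hits = []
    for m in SCRIPT_SRC.finditer(html):
        src = next(g for g in m.groups() if g is not None)
        try:
            url = urlparse(src)
            host = url.hostname
        except ValueError:
            continue  # malformed URL, no host to compare
        if host is None or host == own or host.endswith("." + own):
            continue  # relative or same-site script, e.g. your own /js.js
        if url.path.rsplit("/", 1)[-1].lower() in INJECTED_NAMES:
            hits.append((html.count("\n", 0, m.start()) + 1, src))
    return hits

if __name__ == "__main__":
    for line, src in find_injected_scripts(SAMPLE, "example.org"):
        print(f"line {line}: external script {src}")
```

Comparing the host against your own domain matters because b.js and js.js are common names for legitimate local scripts; only copies loaded from a foreign host are flagged.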

SQL injections take advantage of web developers who write applications that accept user-supplied data without inspecting it for malicious characters. The input is usually entered into search boxes or other fields that interact with the site’s SQL database. Commands in the entered data instruct the website to add links that redirect visitors to websites under the control of attackers.
