CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 24th, 2008

Thousands Of Sites Infected In Renewed SQL Injection Attacks

Large numbers of legitimate Web sites, including government sites in the U.K. and some operated by the United Nations, have been hacked and are serving up malware as massive JavaScript attacks last detected in March resume. The same techniques as last month are used and among the sites hacked were several affiliated with either the UN or U.K. government agencies.

The exact number of sites that have been compromised is unknown but the estimation is that it’s similar to the March attacks, which at their height infected more than 100,000 URLs, including prominent domains such as MSNBC.com. Although the U.K.-based sites appeared to have been cleansed of the malicious JavaScript, the UN sites had not.

The attackers have now switched over to a new domain as their hub for hosting the malicious payload in this attack. Although the malware-hosting domain has changed, it’s located at a Chinese IP address, just like the one used in March. It also looks like they’re using just the one hosting site, but changing the link within the JavaScript. When a visitor reaches one of the hacked sites, the malicious JavaScript loads a file from the malware-hosting server, then redirects the browser to a different page, also hosted on the Chinese server. Once loaded, the file attempts eight different exploits, including one that hits a vulnerability in Internet Explorer’s handling of Vector Markup Language (VML) that was patched in January 2007.

Email, Bookmark or Share:
  • E-mail this story to a friend!
  • Digg
  • del.icio.us
  • StumbleUpon
  • Reddit
  • Technorati
  • Slashdot
  • Propeller
  • Google
  • Live
  • YahooMyWeb
  • TwitThis
  • Facebook
  • LinkedIn

More on CyberInsecure:
  • Phishing Botnet Expands By SQL Injecting Websites Found In Google
  • Almost 300,000 Webpages Infect Visitors Through Invisible IFrame Link
  • New Lateral SQL Injection Method To Hack Oracle Database
  • Thousands Of High-Ranked Webpages Infected With Malware, Including Intljobs.org, WSJ.com, tomtom.com.tw
  • SQL Attacks Still Inject Websites Including Government Sites In US, UK

    • Posted in Hacked, Mass Web Attacks | Print This Post Print This Post

    This entry was posted on Thursday, April 24th, 2008 at 3:44 am and is filed under Hacked, Mass Web Attacks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Thousands Of Sites Infected In Renewed SQL Injection Attacks

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « « Former LendingTree Employees Sold Access To Customers Database
    FBI Wants To Monitor The Internet For “Illegal” Activity » »