SANS Internet Storm Center has revealed that another massive SQL injection attack may be underway.Based on a quick search on Google,the malicious string is being used and more than 4000 websites have been infected, SANS handler Mark Hofman.That is a rapid rise from day before, the day the ambush was first detected, when only about 80 sites appeared to be compromised.
Impacted sites appear to be running Microsoft Internet Information Services or Microsoft SQL web servers and are using software from ASP.NET or either the ColdFusion.Visitors to hacked sites are being redirected to pages trying to push rogue anti-virus programs or another payload.What is happening is that the hex will show in the IIS log files, so monitor those.
Impacted sites appear to be running Microsoft Internet Information Services or Microsoft SQL web servers and are using software from ASP.NET or either the ColdFusion.Visitors to hacked sites are being redirected to pages trying to push rogue anti-virus programs or another payload.What is happening is that the hex will show in the IIS log files, so monitor those.
Make sure that applications only have the access they require, so if the page does not need to update a database, then use an account that can only read.Personally,I recommended blocking access to the malicious redirect site.Similar waves of SQL injection attacks have been common for years, including a major one earlier this year that left my friend Ville Makinnen in total mess.
No comments:
Post a Comment