Over 1M pages compromised in massive SQL injection attack
Posted on 05 January 2012.
At the beginning of December, researchers from the Internet Storm Center spotted a relatively limited SQL injection attack - about 80 affected pages - redirecting visitors of legitimate websites to malicious ones serving fake AV and fake Adobe Flash. Now, a little over a month later, the number of affected websites has surpassed one million, large enough to sound the alarm again.


The attack was dubbed "Lilupophilupop" by the researchers after the domain to which the victims are redirected. The offending string is typically introduced into several tables, and sites running ASP or ColdFusion with an MSSQL backend are targeted primarily.

At the beginning, the attack looked completely automated and was spreading rapidly, but researcher Mark Hofman says that it now seems to be partially automated and partially manual. "The manual component and the number of sites infected suggests a reasonable size work force or a long preparation period," he concluded.

The attackers first probed systems for vulnerable pages and tried to establish which product was being used. This went on for a couple of weeks, from a variety of IP addresses, and once a vulnerable page had been found, the script was inserted.

"If you want to find out if you have a problem just search for:


in Google and use the site: parameter to hone in on your domain," he advises, and warns that identifying the entry page is crucial for cleaning the site. "If you restore your DB and bring the system back online without identifying the entry point, then it will only be a matter of time before the system is re-compromised. When looking at fixing the problem do not forget that this vulnerability is a coding issue. You may need to make application changes."
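
Because the string is typically introduced into several tables, a cleanup has to find every cell it reached, not only the pages where it is visible. The sketch below is an added example, not code from the article or from the Internet Storm Center: it sweeps every text column of a database for `<script src=...>` tags that load from hosts outside an allowlist. It assumes the injected string is such a tag and uses an in-memory SQLite database as a stand-in for the MSSQL backend; all table names, hosts and rows are constructed.

```python
import re
import sqlite3

# Assumption: the injected string is a <script> tag loading from a host the site does not own.
SCRIPT_SRC = re.compile(r"<script[^>]*\bsrc\s*=\s*[\"']?(?:https?:)?//([^/\"'\s>]+)", re.I)

def quote_ident(name):
    """Quote a table or column name so it can be embedded safely in the sweep query."""
    return '"' + name.replace('"', '""') + '"'

def find_injected_rows(conn, allowed_hosts):
    """Return sorted (table, column, rowid, host) for each text cell that holds a
    <script src=...> tag whose host is not in allowed_hosts."""
    allowed = {h.lower() for h in allowed_hosts}
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        qt = quote_ident(table)
        for _cid, col, ctype, *_ in conn.execute(f"PRAGMA table_info({qt})").fetchall():
            # Only character columns can carry the injected markup.
            if not any(t in (ctype or "").upper() for t in ("CHAR", "TEXT", "CLOB")):
                continue
            qc = quote_ident(col)
            query = f"SELECT rowid, {qc} FROM {qt} WHERE {qc} LIKE '%<script%'"
            for rowid, value in conn.execute(query):
                for host in SCRIPT_SRC.findall(value or ""):
                    if host.lower() not in allowed:
                        hits.append((table, col, rowid, host.lower()))
    return sorted(hits)

def build_sample_db():
    """Constructed sample data: one legitimate script reference, two injected cells."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, title VARCHAR(200), price REAL);
        CREATE TABLE news (id INTEGER PRIMARY KEY, headline TEXT, body TEXT);
    """)
    bad = '<script src="http://injected.example/x.js"></script>'
    conn.executemany("INSERT INTO products (title, price) VALUES (?, ?)",
                     [("Widget", 9.5), ("Gadget" + bad, 20.0)])
    conn.executemany("INSERT INTO news (headline, body) VALUES (?, ?)", [
        ("Launch", '<script src="https://cdn.shop.example/app.js"></script>Hello'),
        ("Update" + bad, "Plain text")])
    return conn

if __name__ == "__main__":
    for hit in find_injected_rows(build_sample_db(), {"cdn.shop.example"}):
        print(hit)
```

The list of affected tables and columns shows which application pages write to those columns, which narrows the search for the entry page.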






Copyright 1998-2014 by Help Net Security.