Mass Hacks...
January 2008
Mass hack infects tens of thousands of sites. Tens of thousands of Web sites have been compromised by an automated SQL injection attack, and, although some have been cleaned, others continue to serve visitors a malicious script that tries to hijack their PCs using multiple exploits, security experts said this weekend. The chief research officer of Grisoft SRO pointed out that the hacked sites could be found via a simple Google search for the domain that hosted the maliciousjava_script. On Saturday, he said, the number of sites that had fallen victim to the attack numbered more than 70,000. “This was a pretty good mass-hack,” he said in a blog post.
“It wasn’t just that they got into a server farm, as the victims were quite diverse, with presumably the only common point being whatever vulnerability they all shared.” Symantec Corp. cited reports by other researchers that fingered a SQL vulnerability as the common thread. “The sites [were] hacked by hacking robot by means of a SQL injection attack, which executes an iterative SQL loop [that] finds every normal table in the database by looking in the sysobjects table and then appends every text column with the harmful script,” said one of the researchers. “It’s possible that only Microsoft SQL Server databases were hacked with this particular version of the robot since the script relies on the sysobjects table that this database contains.” According to the same researcher, the attack appends ajava_script tag to every piece of text in the SQL database; the tag instructs any browser that reaches the site to execute the script hosted on the malicious server. Hacked sites included both .edu and .gov domains, added SANS Institute’s Internet Storm Center (ISC) in a warning posted last Friday, while others flagged several pages of security vendor CA Inc.’s Web site as infected.
Mass hack infects tens of thousands of sites. Tens of thousands of Web sites have been compromised by an automated SQL injection attack, and, although some have been cleaned, others continue to serve visitors a malicious script that tries to hijack their PCs using multiple exploits, security experts said this weekend. The chief research officer of Grisoft SRO pointed out that the hacked sites could be found via a simple Google search for the domain that hosted the maliciousjava_script. On Saturday, he said, the number of sites that had fallen victim to the attack numbered more than 70,000. “This was a pretty good mass-hack,” he said in a blog post.
“It wasn’t just that they got into a server farm, as the victims were quite diverse, with presumably the only common point being whatever vulnerability they all shared.” Symantec Corp. cited reports by other researchers that fingered a SQL vulnerability as the common thread. “The sites [were] hacked by hacking robot by means of a SQL injection attack, which executes an iterative SQL loop [that] finds every normal table in the database by looking in the sysobjects table and then appends every text column with the harmful script,” said one of the researchers. “It’s possible that only Microsoft SQL Server databases were hacked with this particular version of the robot since the script relies on the sysobjects table that this database contains.” According to the same researcher, the attack appends ajava_script tag to every piece of text in the SQL database; the tag instructs any browser that reaches the site to execute the script hosted on the malicious server. Hacked sites included both .edu and .gov domains, added SANS Institute’s Internet Storm Center (ISC) in a warning posted last Friday, while others flagged several pages of security vendor CA Inc.’s Web site as infected.
posted by arkietechs at 7:45 AM
0 Comments:
Post a Comment
<< Home