Hundreds of thousands of SQL injections


69 replies to this topic

#51 AplusWebMaster

Posted 25 November 2008 - 08:46 AM

Shadowserver - Full list of Injected Sites updated

FYI...
"Warning: We strongly suggest that readers NOT visit websites on this list. They all have a history of covert hacks, redirecting the browser to drive-by-malware installations, and should be considered dangerous and capable of infecting and causing damage to your system with exploits, spyware, trojans, viruses, and the like. "

Full list of Injected Sites
- http://www.shadowser...ql-inj-list.txt
Last Updated: 11/24/08 13:44:37 -0400

Significant additions:
Domain (442 domains)
---------------------------------------------------------------
go .nnd .hk ................ -Count- 92,400 -Date Found- 11/04/08
www .wakasa .or .jp ... -Count- 87,700 -Date Found- 11/12/08

...
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#52 AplusWebMaster

Posted 01 December 2008 - 12:38 PM

FYI...

CBS website iFrame hack
- http://www.infoworld...ame_hack_1.html
December 01, 2008 - "TV network CBS has become the latest big name to have its website used to host malware, a security company has reported. It appears that Russian malware distributors were able to launch another iFrame attack on a sub-domain of the cbs.com site so that it was serving remote malware to any visitors. A user's vulnerability to the malware attack launched by the site hack would depend on a number of factors, including the type of security used on a PC, the operating system, and possibly the browser version... Finjan had informed CBS of the issue, but that the Russian exploit server had in any case been taken offline, neutering the attack for the time being..."

:!: :ph34r: :grrr:

#53 AplusWebMaster

Posted 24 December 2008 - 04:42 AM

FYI...

Mass Injection on John Sands Greeting Card Company site
- http://securitylabs....lerts/3268.aspx
12.23.2008 - "Websense... has discovered that the Web site of John Sands Greeting Card Company is infected with a mass JavaScript injection that delivers a malicious payload. Multiple pages on the site have been found to contain the said malicious code... Acquired by American Greetings in 1996, the company was founded in 1837 by John Sands, the son of an English engraver. The company is Australia's second oldest registered company. In an effort to protect their visitors, Websense Security Labs has contacted John Sands Greeting Card Company and advised them on this incident..."

(Screenshot available at the Websense URL above.)

:!:

#54 AplusWebMaster

Posted 31 December 2008 - 01:41 PM

FYI...

Multiple Chinese sites compromised...
- http://securitylabs....ent/alerts.aspx
12.31.2008 - Chinese Government Affairs Information Site Compromised...
12.29.2008 - Download Site of China.com Compromised - Malicious Web Site / Malicious Code
12.26.2008 - Sohu Web Site in China Compromised - Malicious Web Site / Malicious Code...

:!:

Edited by apluswebmaster, 31 December 2008 - 01:44 PM.

#55 AplusWebMaster

Posted 13 January 2009 - 10:07 AM

FYI...

Paris Hilton website infected with malware
- http://www.informati...cleID=212800229
January 12, 2009 - "Once again, hackers have targeted technology associated with Paris Hilton. This time it's her Web site, ParisHilton .com. Security researchers at ScanSafe report that anyone visiting Hilton's site risks infection with malware. "Hilton's popular website, ParisHilton .com, has been outfitted with malware prompting site visitors to 'update' their system in order to continue navigating the site" ScanSafe said in an e-mail. "When the bogus pop-up box appears, users have the option to click 'Cancel' or 'OK.' Regardless of which option they choose, destructive malware will be downloaded to the user's computer"... ScanSafe says the malware has been detected on some 15,000 other Web sites. The company says it found a similar threat, a malicious ad, on Major League Baseball's MLB.com last week. Paris Hilton's site is currently compromised," said Mary Landesman, senior security researcher at ScanSafe, in a phone interview. "We first encountered it on [Jan. 9]. We don't know when it happened." According to Landesman, there's an iFrame that has been embedded in the ParisHilton .com Web site. The iFrame calls out to a site hosting the malware, you69tube .com. It downloads a malicious PDF and attempts to force users into clicking and launching the PDF, which attempts to activate an exploit. Because the malware tries to download additional files whether one clicks "Cancel" or "OK," Landesman says that only a hard quit - CTRL+ALT+Delete - of one's browser provides a way out..."

- http://www.f-secure....s/00001581.html
January 15, 2009 - "... The offending IFrame appears to have been removed at this time... The infection of "Paris Hilton" highlights a popular trend among online attackers..."

:ph34r:

Edited by apluswebmaster, 15 January 2009 - 09:24 AM.

#56 AplusWebMaster

Posted 27 January 2009 - 05:17 AM

FYI...

"Warning: We strongly suggest that readers NOT visit websites mentioned as being behind the attacks discussed. They should be considered dangerous and capable of infecting your system... list of domains used in the mass SQL injections that insert malicious javascript into websites..."

Full list of Injected Sites
- http://www.shadowser...ql-inj-list.txt
Last Updated: 01/23/09 09:12:21 -0700


:ph34r: :!: :ph34r:

Edited by apluswebmaster, 27 January 2009 - 05:26 AM.

#57 AplusWebMaster

Posted 27 January 2009 - 10:35 AM

FYI...

IEC website compromised
- http://securitylabs....lerts/3289.aspx
01.27.2009 - "Websense... has discovered that a subdomain of the International Electrotechnical Commission (IEC) Web site has been compromised. The IEC is an international standards organization that prepares and publishes International Standards for all electrical, electronic, and related technologies... The infected subdomain belongs to the TC26 group. Unprotected users would be subjected to execution of obfuscated Javascript that -redirects- to an exploit site, hosting exploits for Internet Explorer, QuickTime and AOL SuperBuddy. Successful execution of the exploit code incurs a drive-by download. This installs a backdoor on the compromised machine. Major antivirus vendors are -not- detecting this payload..."

(Screenshots available at the URL above.)

:ph34r: :ph34r:

#58 AplusWebMaster

Posted 28 January 2009 - 02:22 PM

FYI...

- http://www.pcmag.com...,2339712,00.asp
01.27.09 Larry Seltzer - "...AVG has released research that indicates the number and volatility of web sites serving malicious code is increasing dramatically... Almost 60% of these sites are up for less than one day. The goal of these techniques seems to be to defeat blacklist-based protections. AVG calls them transient threats. What are these web pages? Few are actually put up to serve malware. Some of them are blog comments, some are advertisements, many are legitimate web sites corrupted through HTML/script injection, and many have been corrupted through compromises of SQL servers through SQL injection. These compromised web sites are tricked into redirecting users to the few sites that directly serve the malware. The combination of the Apache web server and PHP scripting engine are a favorite target of attackers. There are large numbers of vulnerabilities for attackers to exploit and no automated patch system to make sure servers are protected... The actual malware being served varies from fake codecs, game password-stealing attacks to fake anti-spyware. The fake codec sites are the most volatile, with 62% active for less than a day. The fake anti-spyware sites are more stable, but 28% are active less than a day and the average is less than 2 weeks..."

:ph34r: :grrr:

#59 AplusWebMaster

Posted 30 January 2009 - 09:01 AM

FYI... (It appears the hacks have been busy - CYA)

"Warning: We strongly suggest that readers NOT visit websites mentioned as being behind the attacks discussed. They should be considered dangerous and capable of infecting your system... list of domains used in the mass SQL injections that insert malicious javascript into websites..."

Full list of Injected Sites
- http://www.shadowser...ql-inj-list.txt
Last Updated: 01/29/09 14:02:09 -0700


:ph34r: :!: :ph34r:

#60 AplusWebMaster

Posted 03 February 2009 - 11:52 AM

FYI...

- http://www-935.ibm.c...?cntxt=a1030786
02 Feb 2009 - "... Web sites have become the Achilles' heel for corporate IT security. Attackers are intensely focused on attacking Web applications so they can infect end-user machines. Meanwhile, corporations are using off-the-shelf applications that are riddled with vulnerabilities; or even worse, custom applications that can host numerous unknown vulnerabilities that can't be patched. Last year more than half of all vulnerabilities disclosed were related to Web applications, and of these, more than 74 percent had no patch. Thus, the large-scale, automated SQL injection vulnerabilities that emerged in early 2008 have continued unabated. By the end of 2008, the volume of attacks jumped to 30 times the number of attacks initially seen this summer...
Although attackers continue to focus on the browser and ActiveX controls as a way to compromise end-user machines, they are turning their focus to incorporate new types of exploits that link to malicious movies (for example, Flash) and documents (for example, PDFs). In the fourth quarter of 2008 alone, IBM X-Force traced more than a 50 percent increase in the number of malicious URLs hosting exploits than were found in all of 2007. Even spammers are turning to known Web sites for expanded reach. The technique of hosting spam messages on popular blogs and news-related websites more than doubled in the second half of this year..."

:!: :ph34r: :grrr:

#61 AplusWebMaster

Posted 08 February 2009 - 11:59 AM

FYI...

Kaspersky USA site hacked...
- http://www.theregist...promise_report/
8 February 2009 - "A security lapse at Kaspersky has exposed a wealth of proprietary information about the anti-virus provider's products and customers, according to a blogger*, who posted screen shots and other details that appeared to substantiate the claims. In a posting made Saturday, the hacker claimed a simple SQL injection gave access to a database containing "users, activation codes, lists of bugs, admins, shop, etc." Kaspersky has declined to comment... The Register will be updating this story as warranted..."
* http://hackersblog.o...-sql-injection/

:blush: :eek:

#62 AplusWebMaster

Posted 27 February 2009 - 10:56 AM

FYI...

500,000 Websites Hit By New Form Of SQL Injection In '08
- http://www.darkreadi...cleID=214600046
Feb. 25, 2009 - "...An automated form of SQL injection using botnets emerged as the popular method of hacking Websites, according to a newly released report from the Web Hacking Incidents Database (WHID), an annual report by Breach Security and overseen by the Web Application Security Consortium (WASC). The report also found that attackers increasingly are targeting a Website's customers rather than the sensitive information in the site's database... Mass SQL Injection Bot attacks basically automate the infection process; the Nihaorr1 and Asprox botnets both deployed this method last year, according to the report... Government, security, and law enforcement organizations represented the biggest sector suffering from these attacks (32 percent), but that may, in part, be due to their more stringent disclosure rules, the report says. Next were information services (13 percent), finance (11 percent), retail (11 percent), Internet (9 percent), and education (6 percent)..."
* http://www.breach.co...s/2008WHID.html

:ph34r: :grrr: :ph34r:

#63 AplusWebMaster

Posted 29 April 2009 - 11:03 AM

FYI...

DNS redirect attack - Puerto Rico
- http://news.cnet.com...0228436-83.html
April 27, 2009 - "... A group calling itself the "Peace Crew" claimed that they used a SQL injection attack to break into the Puerto Rico registrar's management system... While the sites that visitors were -redirected- to were obviously not the legitimate sites, DNS redirects could be used to send unsuspecting Web surfers to phishing sites pretending to be banks where they would be prompted to provide sensitive information. People should use the SSL (Secure Sockets Layer) protocol for encrypting communications with sensitive sites and use anti-phishing technology in the browser that colors part of the URL address bar green or red based on the safety level of the site being visited..."

(Screenshot available at the URL above.)

:grrr: :ph34r:

#64 AplusWebMaster

Posted 30 April 2009 - 04:19 AM

FYI...

SQL injections through Search Engine reconnaissance...
- http://ddanchev.blog...ugh-search.html
April 29, 2009 - "From the lone Chinese SQL injectors empowered with point'n'click tools for massive SQL injection attacks, to the much more efficient and automated botnet approach courtesy of, for instance, the ASProx botnet. The process of automatically fetching URLs from public search engines in order to build hit lists for verifying against remote file inclusion attacks and potential SQL injections, remains a commodity feature in a great number of newly released malware bots... A recently released malware bot is once again empowering the average script kiddie with the possibility to take advantage of the window of opportunity for each and every remotely exploitable web application flaw... Moreover, the IRC based bot is also featuring a console which allows manual exploitation or intelligence gathering for a particular site. Some of the features include:
- Remote file inclusion
- Local file inclusion checks ()
- MySQL database details
- Extract all database names
- Data dumping from column and table
- Notification issued when Google bans the infected host for automatically using it
... The window of opportunity for abusing a particular web application flaw is abused much more efficiently due to the fact that reconnaissance data about its potential exploitability is already crawled by a public search engine - often in real time. The concept, as well as the features within the bot are not rocket science - that's what makes it so easy to use."

:ph34r: :grrr:

#65 AplusWebMaster

Posted 24 August 2009 - 04:01 PM

FYI...

SQL injection attacks hit 57K sites
- http://www.theregist..._web_infection/
24 August 2009 - "Malicious hackers have managed to infect about 57,000 web pages with a potent exploit cocktail that targets a variety of vulnerable applications to surreptitiously install malware on visitor machines. The exploits install an assortment of nasty software, including Gologger, a keystroke logging trojan, and a backdoor that attempts to connect to a website hosted in China, according to Mary Landesman, a researcher at ScanSafe, a company that protects end users from malicious websites. The attackers were able to plant a malicious iframe in the pages by exploiting SQL injection vulnerabilities. Once in place, the script silently pulls down javascript from a0v .org** that silently runs while people are visiting one of the infected websites... SQL injection attacks exploit weaknesses in web applications that fail to adequately scrutinize text that users enter into search boxes and other web fields. The attacks have the effect of passing powerful commands to the website's back-end database. Landesman's report is available here*."
* http://blog.scansafe...t-cocktail.html
August 21, 2009

> http://www.threatexp...7e577fd1b45805c
16 August 2009 - "... The following Internet Connection was established:
Server Name
qirueixzz. 3322 .org ..."

> http://www.virustota...4194-1249319276
File ae563af77535163a1562cc1106ddf342- received on 2009.08.03 17:07:56 (UTC)
Result: 6/41 (14.63%)

> http://www.virustota...1b12-1249741982
File mam.exe received on 2009.08.08 14:33:02 (UTC)
Result: 26/41 (63.41%)

** http://centralops.ne...ainDossier.aspx
Country: CN

:ph34r: :grrr: :ph34r:

Edited by apluswebmaster, 25 August 2009 - 06:41 AM.

#66 AplusWebMaster

Posted 26 August 2009 - 07:58 PM

FYI... [Please DO NOT visit these domains as they are distributing malware both through the files they are peddling and via exploits.]

Following the Injection - a0v .org
- http://securitylabs....Blogs/3465.aspx
08.26.2009 - "... The site that has been injected in this campaign is a 35-day-old domain called a0v.org. The injection is in plain text, non-obfuscated script tags... There is no mercy shown with the frequency of the injections, which confirms that this injection is an automated process, as most injections are... Once a user browses to an infected Web site, the user is redirected to execute the injected script at hxxp ://a0v .org/ x.js... the first takes the user to exploit sites just down the chain, and the second takes the user to a log server established by the baddies... The next stop in the exploit chain is hxxp ://game163 .info/oday/index .html... game163.info is also a fresh domain, registered just 23 days ago. Its source goes to even further redirects in the same site. But before it decides where to go, it checks whether the user's browser is Microsoft Internet Explorer 7, using a hex-represented string for "msie 7"... Following is a summary of all the exploits used, from the last one discovered to the oldest:
Adobe Flash, Acrobat Reader CVE-2009-1862
Microsoft Office Web Components CVE-2009-1136
Microsoft Internet Explorer XML Parsing CVE-2008-4844
Microsoft DirectShow (msvidctl.dll) CVE-2008-0015 - Suspected\Disabled
Microsoft Data Access Components (MDAC) CVE-2006-0003
The exploits are served from multiple replicated Web sites, bearing the exact same code and structure as game163 .info... The newest exploit used in the chain is Adobe Flash and Acrobat Reader CVE-2009-1862 -- alerted on at the end of July, and the most troublesome one, due to two facts:
1) Today, most users don't bother to update their versions of Flash/Acrobat.
2) We've recently received reports (in the middle of August) showing almost the same exploit code (with only minor variations in syntax) with an embedded malicious Flash file exploiting CVE-2009-1862 and holding only 2/42 and 0/42 detection rates by vendors, respectively. The results for the malicious Flash file exploiting this vulnerability in this attack are still very low, with only 5/41*, and the related exploit page with only 4/41**. Combine those two facts together, and you have a major breach that allows the attackers to do a great deal of damage. Similar mass injections happen around the clock, capitalizing on the latest exploits that rely on the two facts listed above, and holding different obfuscated source codes and payloads. Those facts can only suggest the large number of infected users from such mass compromises."
* http://www.virustota...0744-1251148350
File xp-swf.txt received on 2009.08.24 21:12:30 (UTC)
Result: 5/41 (12.20%)

** http://www.virustota...3303-1251295435
File ex1.txt received on 2009.08.26 14:03:55 (UTC)
Current status: finished
Result: 4/41 (9.76%)

:ph34r: :ph34r:

Edited by apluswebmaster, 26 August 2009 - 08:16 PM.

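The injected script and iframe tags described in the posts above can be hunted for in stored site content. The following is an added example, not part of the original posts or of any vendor's tooling: it scans text taken from database columns for script/iframe tags whose src points at a host outside an allowlist, flags hidden iframes, and counts occurrences per host. The rows, host names and ALLOWED_HOSTS below are constructed for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the site itself loads scripts or frames from (assumed for this example).
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}


def external_host(src):
    """Return the lower-cased host of an absolute or //-relative URL, else None."""
    try:
        return urlparse(src.strip()).hostname
    except ValueError:  # malformed URL such as an unterminated IPv6 literal
        return None


def looks_hidden(attrs):
    """True for zero/one-pixel or CSS-hidden frames (the 'invisible iframe')."""
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = (attrs.get("width", "").strip() in ("0", "1")
            or attrs.get("height", "").strip() in ("0", "1"))
    return tiny or "display:none" in style or "visibility:hidden" in style


class TagScanner(HTMLParser):
    """Collects script/iframe tags in one text field that load from unknown hosts."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so <SCRIPT SRC=...> matches.
        if tag not in ("script", "iframe"):
            return
        a = {name: (value or "") for name, value in attrs}
        host = external_host(a.get("src", ""))
        if host and host not in ALLOWED_HOSTS:
            self.hits.append({"tag": tag, "host": host, "src": a["src"],
                              "hidden": tag == "iframe" and looks_hidden(a)})


def scan_rows(rows):
    """rows: iterable of (table, column, row_id, text). Returns one dict per hit."""
    findings = []
    for table, column, row_id, text in rows:
        scanner = TagScanner()
        scanner.feed(text or "")
        scanner.close()
        for hit in scanner.hits:
            findings.append({"table": table, "column": column,
                             "row_id": row_id, **hit})
    return findings


def summarize(findings):
    """Per host: (host, occurrences, distinct rows), most frequent first.

    The same unknown host repeated across unrelated columns is the signature
    of an automated injection rather than an editor's embed.
    """
    per_host = defaultdict(lambda: {"occurrences": 0, "rows": set()})
    for f in findings:
        entry = per_host[f["host"]]
        entry["occurrences"] += 1
        entry["rows"].add((f["table"], f["column"], f["row_id"]))
    return sorted(((h, e["occurrences"], len(e["rows"]))
                   for h, e in per_host.items()),
                  key=lambda item: (-item[1], item[0]))


# Constructed sample rows; the .example hosts are placeholders, not real indicators.
SAMPLE_ROWS = [
    ("products", "description", 1,
     'Blue widget <script src="/js/zoom.js"></script>'),
    ("products", "description", 2,
     "Red widget<script src=http://injected.example/x.js></script>"
     "<script src=http://injected.example/x.js></script>"),
    ("news", "body", 7,
     '<p>Hello</p><iframe src="http://frames.example/in.html" width=0 height=0></iframe>'),
    ("news", "body", 8, '<script src="//cdn.example.com/lib.js"></script>'),
    ("news", "title", 9, 'Sale!<SCRIPT SRC="HTTP://INJECTED.EXAMPLE/x.js"></SCRIPT>'),
]

if __name__ == "__main__":
    results = scan_rows(SAMPLE_ROWS)
    for host, occurrences, row_count in summarize(results):
        print(f"{host}: {occurrences} tag(s) in {row_count} row(s)")
    for f in results:
        if f["hidden"]:
            print("hidden iframe:", f["table"], f["column"], f["row_id"], f["src"])
```

Relative script paths and allowlisted hosts are skipped, so the report lists only tags that load from somewhere the site owner did not choose.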

#67 AplusWebMaster

Posted 15 September 2009 - 09:22 AM

FYI...

2009 - Top Cyber Security Risks
- http://www.sans.org/...security-risks/
September 2009 - "Two risks dwarf all others, but organizations fail to mitigate them... attack data from TippingPoint intrusion prevention systems protecting 6,000 organizations, vulnerability data from 9,000,000 systems compiled by Qualys, and additional analysis... current data - covering March 2009 to August 2009 - from appliances and software in thousands of targeted organizations to provide a reliable portrait of the attacks being launched and the vulnerabilities they exploit...
Executive Summary
Priority One: Client-side software that remains unpatched
.
Waves of targeted email attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. This is currently the primary initial infection vector used to compromise computers that have Internet access. Those same client-side vulnerabilities are exploited by attackers when users visit infected web sites...
Priority Two: Internet-facing web sites that are vulnerable.
Attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. These vulnerabilities are being exploited widely to convert trusted web sites into malicious websites serving content that contains client-side exploits. Web application vulnerabilities such as SQL injection and Cross-Site Scripting flaws in open-source as well as custom-built applications account for more than 80% of the vulnerabilities being discovered. Despite the enormous number of attacks and despite widespread publicity about these vulnerabilities, most web site owners fail to scan effectively for the common flaws and become unwitting tools used by criminals to infect the visitors that trusted those sites to provide a safe web experience..."
(Charts available at the URL above.)

- http://securitylabs....Blogs/3476.aspx
09.15.2009 - "... Websense Security Labs identified a 233 percent growth in the number of malicious sites in the last six months and a 671 percent growth over the last year..."

:grrr: :ph34r:

Edited by apluswebmaster, 15 September 2009 - 01:52 PM.

#68 AplusWebMaster

Posted 10 November 2009 - 04:54 PM

FYI...

87% of web apps - "serious vulnerabilities..."
- http://sunbeltblog.b...d-with-web.html
November 10, 2009 - "If anyone ever needed a great example for the lectures they give friends, relatives or employees about the importance of installing software updates, here it is. Security firm Cenzic* has made public a report documenting 3,100 vulnerabilities that affect the software used on web sites and in browsers! The report included patched and unpatched vulnerabilities. Cenzic, which provides software as a service, said in their report "Web Application Security Trends Report Q1-Q2, 2009" that Cross Site Scripting and SQL Injection vulnerabilities were a factor in half of all web attacks. They said 87 per cent of web applications their researchers looked at "had serious vulnerabilities that could potentially lead to the exposure of sensitive or confidential user information during transactions"..."
* http://www.cenzic.co...equired_trends/
Q1-Q2 2009
http://www.cenzic.co..._Q1-Q2-2009.pdf

:ph34r: :shok:

#69 AplusWebMaster

Posted 10 December 2009 - 12:31 PM

FYI...

303,000+ hit by SQL injection
- http://www.net-secur...rld.php?id=8604
10 December 2009 - "A large scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports* that the injected iframe loads malicious content from 318x .com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. A Google search on the iframe resulted in over 132,000 hits as of December 10, 2009..."
* http://blog.scansafe...ims-125000.html
"... Detection of the trojan is spotty, with 22/40 antivirus vendors detecting the variant according to this VirusTotal report**..."
** http://www.virustota...3f2a-1260300034
File 8ad31d8d6fc4cb12c9beec93d62d340e received on 2009.12.08 19:20:34 (UTC)
Result: 22/40 (55.00%)

- http://blog.scansafe...r-on-yahoo.html
December 10, 2009 - "... a Yahoo search on the 318x iframe reveals a considerably higher number of hits. Does this mean Google is capping the SERPs at some arbitrary point? Currently, Yahoo is showing 303,000 on my end while a Google search on the 318x iframe is showing 159,000 (up from 125,000 yesterday and 132,000 earlier today)."

- https://www.sans.org...issue=97#sID300
December 10, 2009 - "... A newly-detected SQL injection attack has infected nearly 300,000 web pages with an invisible iframe that gathers malicious code from a series of web sites. The malware seeks vulnerable versions of Adobe Flash, Internet Explorer (IE) and other applications on users' computers and then installs malware that steals online banking credentials."

- http://google.com/sa...?site=318x.com/
"... last time Google visited this site was on 2009-12-15, and the last time suspicious content was found on this site was on 2009-12-15. Malicious software includes 5853 trojan(s), 3423 scripting exploit(s), 1 exploit(s)..."

:ph34r: :grrr: :ph34r:

Edited by apluswebmaster, 17 December 2009 - 07:30 AM.

#70 AplusWebMaster

Posted 23 February 2010 - 10:35 AM

FYI...

Automated SQL injection attacks...
- http://www.darkreadi...cleID=223100129
Feb. 22, 2010 - "SQL injections top plenty of lists as the most prevalent means of attacking front-end Web applications and back-end databases to compromise data... analysis of the Web Hacking Incidents Database* (WHID) shows SQL injections as the top attack vector, making up 19 percent of all security breaches examined by WHID. Similarly, in the "Breach Report for 2010" (PDF) released by 7Safe** earlier this month, a whopping 60 percent of all breach incidents examined involved SQL injections... criminals are increasingly using automated SQL injection attacks powered by botnets to hit vulnerable systems... the purpose of those attacks is really to inject JavaScript redirectors into Web pages so that legitimate Web pages end up redirecting their users to exploit toolkits..."
* http://webappsec.pbw...cident-Database

** http://7safe.com/bre...report_2010.pdf

:ph34r: :ph34r:

Edited by apluswebmaster, 23 February 2010 - 10:47 AM.
