http://www.darkreading.com/database-security/167901020/security/attacks-breaches/232301285/latest-sql-injection-campaign-infects-1-million-web-pages.html By Kelly Jackson Higgins Dark Reading Jan 04, 2012 Another SQL injection campaign is literally going viral, with some 1 million URLs possibly infected. The SANS Internet Storm Center over the weekend counted some 1,070,000 URLs injected with the so-called lilupophilupop.com malware. That's up from 80 pages it had found in early December, according to SANS ISC handler Mark Hofman. The attackers compromise sites via SQL injection with this string: ">. It appears to have hit sites worldwide, with the most infections in The Netherlands "NL" domain, with 123,000, and includes some .com and .org sites, as well. "At the moment it looks like it is partially automated and partially manual. The manual component and the number of sites infected suggests a reasonable size work force or a long preparation period," Hofman said in his blog post on the attack. But the 1 million URL number might be inflated, says Mary Landesmann, senior security researcher for ScanSafe, which is part of Cisco. That count could include pages also discussing the attacks, she says. "As a result, there is always a huge 'increase' after an initial public report is made. In other words, counting the number of results from a search engine isn’t a good or viable means of measuring the breadth of a compromise," Landesmann says. [...] _____________________________________________________ Did a friend send you this article? Make it your New Year's Resolution to subscribe to InfoSec News! http://www.infosecnews.org/mailman/listinfo/isnReceived on Wed Jan 04 2012 - 23:46:25 PST
This archive was generated by hypermail 2.2.0 : Wed Jan 04 2012 - 23:41:00 PST