[ISN] Latest SQL Injection Campaign Infects 1 Million Web Pages

From: InfoSec News <alerts_at_private>
Date: Thu, 5 Jan 2012 01:46:25 -0600 (CST)

By Kelly Jackson Higgins
Dark Reading
Jan 04, 2012

Another SQL injection campaign is literally going viral, with some 1 
million URLs possibly infected.

The SANS Internet Storm Center over the weekend counted some 1,070,000 
URLs injected with the so-called lilupophilupop.com malware. That's up 
from 80 pages it had found in early December, according to SANS ISC 
handler Mark Hofman.

The attackers compromise sites via SQL injection with this string: ">. 
It appears to have hit sites worldwide, with the most infections in The 
Netherlands "NL" domain, with 123,000, and includes some .com and .org 
sites, as well.

"At the moment it looks like it is partially automated and partially 
manual. The manual component and the number of sites infected suggests a 
reasonable size work force or a long preparation period," Hofman said in 
his blog post on the attack.

But the 1 million URL number might be inflated, says Mary Landesmann, 
senior security researcher for ScanSafe, which is part of Cisco. That 
count could include pages also discussing the attacks, she says. "As a 
result, there is always a huge 'increase' after an initial public report 
is made. In other words, counting the number of results from a search 
engine isn’t a good or viable means of measuring the breadth of a 
compromise," Landesmann says.


Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
Received on Wed Jan 04 2012 - 23:46:25 PST

This archive was generated by hypermail 2.2.0 : Wed Jan 04 2012 - 23:41:00 PST