Hacker
Compromised sites attempt to install a password-stealing Trojan

SQL attack hits 500,000 websites

Sans warns of growing danger

Shaun Nichols in California

vnunet.com, 25 Apr 2008

Security researchers have uncovered a new SQL attack which has compromised more than half a million web pages.

"They have hit city websites, commercial sites and even government websites, " wrote Sans researcher Donald Smith.

Advertisement

"This type of injection pretty much voids the concept of 'trusted' or 'safe' websites."

Security firm F-Secure said that at least 510,000 pages have fallen victim to the attack.

The compromised sites have been embedded with code that redirects the user to a third-party site at which eight different exploits attempt to install a password-stealing Trojan.

F-Secure and Sans Institute urged administrators to block access to the domains hosting the malware exploit.

They have hit city websites, commercial sites and even government websites

Donald Smith Sans Institute

The Sans Internet Storm Center recommended blocking access to hxxp:/www.nihaorr1.com and the IP it resolves to 219DOT153DOT46DOT28 at the edge or border of the network.

F-Secure also recommended that administrators of hosting servers check their logs for possible attacks.

The outbreak is the latest in a rash of large-scale attacks this year. In March, a pair of attacks, one infecting 10,000 pages and another compromising 200,000 pages, were uncovered by researchers.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Do you agree?

Have your say on this article

Further reading

Infosec Video Lounge Part 2

Infosec video lounge in association with Microsoft Part Two

Infosec Europe 2008

Infosec Europe 2008 Special Report

The latest news and views from Europe's number one information security event

Infosec: Security tops government IT agenda

Citrix report highlights main priorities

Infosec: Surfers wary of using credit cards online

Confidence plummets as attacks soar

Related whitepapers

Related jobs

Most watched

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

More video

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

old computer

Government honours veterans of Bletchley Park at last

Surviving veterans of the code-breaking facility to receive badge of...

Motorola MC55 Enterprise Digital Assistant

Review: Motorola MC55 Enterprise Digital Assistant

A rugged Windows Mobile device for mobile workers

BT

BT promises 1.5m fibre connections by summer 2010

Telco begins major rollout in 69 locations across the UK

Primary Navigation