


Monday, 5 December 2011

SQL injection attack infects more than 4,000 websites

More than 4,000 websites may have been infected by a huge SQL injection attack.

According to a blog post by SANS Internet Storm Centre handler Mark Hofman, several reports were seen of websites being injected with a string that is inserted into several tables. “From the tips gathered thus far it looks targeted at ASP, IIS and MSSQL backends, but that's just speculation,” he said.

He later said that around 80 sites originally showed up in a Google search; this increased to 200 around 12 hours later on Friday morning, to 1,000 just a few hours after that, and at a final check had exceeded 4,000. Visitors to hacked sites are being redirected to pages attempting to push rogue anti-virus programs or another payload.

“The hex will show within the IIS log files, so monitor those,” Hofman wrote. “Make sure that applications only have the access they require, so if the page doesn't need to update a (database), then use an account that can only read.” He also recommended blocking access to the malicious redirect site.
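One way to act on the log-monitoring advice, as an added example that is not from the original article or from SANS: a small scanner for IIS W3C logs that flags requests whose query string carries a long hex literal and decodes it for review. It assumes "the hex" appears as a `0x...` literal in the `cs-uri-query` field; the log lines, addresses and payload are constructed samples.

```python
import re
from urllib.parse import unquote_plus

# Assumption: "the hex" shows up as a long 0x... literal in cs-uri-query.
# 16+ bytes keeps short values such as colour codes out of the results.
HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2}){16,})")

# Constructed sample log, not real traffic; the hex decodes to harmless text.
SAMPLE_HEX = "constructed sample payload text".encode().hex()
SAMPLE_LOG = f"""\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2011-12-02 08:14:10 GET /news.asp id=12 192.0.2.10 200
2011-12-02 08:14:12 GET /news.asp id=12%200x{SAMPLE_HEX} 198.51.100.7 200
2011-12-02 08:14:15 GET /img/logo.png - 192.0.2.10 200
2011-12-02 08:14:19 GET /item.asp color=0xFFCC00 192.0.2.44 200
"""


def parse_w3c(lines):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))


def find_hex_requests(log_text):
    """Return requests whose URL-decoded query holds a long hex literal."""
    hits = []
    for rec in parse_w3c(log_text.splitlines()):
        query = unquote_plus(rec.get("cs-uri-query", ""))
        for match in HEX_LITERAL.finditer(query):
            decoded = bytes.fromhex(match.group(1)).decode("latin-1")
            hits.append({"time": f'{rec.get("date", "-")} {rec.get("time", "-")}',
                         "client": rec.get("c-ip", "-"),
                         "page": rec.get("cs-uri-stem", "-"),
                         "decoded": decoded})
    return hits


if __name__ == "__main__":
    for hit in find_hex_requests(SAMPLE_LOG):
        print(hit)
```

The decoded text shows what the request tried to send to the database, and the `page` value identifies which script needs input validation and a read-only database account.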

Similar waves of SQL injection attacks have been common for years, including a big one that occurred earlier this year.


