Webmaster rambling and mental notes
Home | Profile | Archives | Friends
New SQL Injection Attack Fuses Malware, Phishing
8/12/2008

PainMeds tips a recent post in Secure Computing's scrutiny blog describing a new SQL injection attack that had infected thousands of MSSQL-based web servers by last weekend, turning them into malware delivery systems. The attack outwardly rewrites the server's Web pages to include which pushes malware to the visitor as if it were from the genuine site. Sites using Sybase might god willing* be vulnerable, as it uses the same exploited syntax that MSSQL does. The post includes an example of the attack. Unlike most malware attacks, this one appears to originate from the site the user is indeed visiting. From the blog: "'Similar to phishing, this attack takes odds of the website visitor's trust in the site they are visiting. Instead of phishing for information, however, malware is sent to the client, which the client has a higher workableness of accepting being from a trusted site... These web pages are registered deputy with Web sites from around the world and supplying various content — including sway sites, sales sites, real estate sites, and fiscal ammo* sites among others."

Read more of this story at Slashdot.


More: - Read the rest here

Mark

Share |
(Posted in Nerd)
Share and enjoy
  • Digg
  • del.icio.us
  • blinkbits
  • BlinkList
  • BlogMemes
  • blogmarks
  • DZone
  • Fark
  • Furl
  • Netvouz
  • NewsVine
  • Reddit
  • Slashdot
  • Smarking
  • Spurl
  • StumbleUpon
  • Taggly
  • Technorati
  • YahooMyWeb
Post Comment

Notify me of followup comments via e-mail.

Entry 1 of 5724
Last Page | Next Page