Breaking News

Sony Unveils Sony FE 100mm F2.8 Macro GM OSS Creative Launches Aurvana Ace 3 GIGABYTE Announces Availability of 27” QHD 280Hz WOLED Gaming Monitor MO27Q28G with 4-Sided Borderless Design Crucial ® LPCAMM2 Powers AI-Ready Laptops With Breakthrough 8,533MT/s Speeds Logitech announces MX Master 4

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Massive Injection Attach Hits Websites

Massive Injection Attach Hits Websites

Enterprise & IT Apr 2,2011 0

More than one million website pages have been hit by a hacking attack that injects code into sites, security firm Websense announced. The "mass-injection" attack has managed to insert malicious code into websites by gaining access to the servers running the databases behind the Internet, according to Websense.

Websense has called it 'LizaMoon,' after the site to which the malicious code first directed its researchers.

The LizaMoon mass-injection is a SQL injection attack that inserts the following line into the code of the page:



Currently, a search on Google returns more than 1,500,000 results that have a link with the same URL structure as the initial attack. Google Search results aren't always great indicators of how prevalent or widespread an attack is as it counts each unique URL or page, not domain or site, but it does give some indication of the scope of the problem if you look at how the numbers go up or down over time.

Websense have been contacted by people who have seen the code in their Microsoft SQL databases. Initially the company received reports of users running Microsoft SQL Server 2000 and 2005 being hit but since then they have also received reports of websites using Microsoft SQL Server 2008 being injected as well.

Websense added that there's a vulnerability in Microsoft SQL Server 2003 and 2005. "Everything points to that this is a vulnerability in a web application. We don't know which one(s) yet but SQL Injection attacks work by issuing SQL commands in unsanitized input to the server. That doesn't mean it's a vulnerability in the SQL Server itself, it means that the web application isn't filtering input from the user correctly," the company said.

Users can see that they are being redirected when they attempt to visit an infected address, and can close the window with no ill effects. However, If users do not close the window after typing an infected address, or clicking an infected link, they are redirected to a page showing a warning from 'Windows Stability Center' -- posing as a Microsoft security product -- that there are problems with their computer and they are urged to pay for software to fix it.

Tags:
Previous Post
IEEE Approves IEEE 802.16m Mobile Wireless Stanbdard
Next Post
CEA Launches Earth Day Photo and Video Contest

Related Posts

Latest News

Sony Unveils Sony FE 100mm F2.8 Macro GM OSS
Cameras

Sony Unveils Sony FE 100mm F2.8 Macro GM OSS

Creative Launches Aurvana Ace 3
Consumer Electronics

Creative Launches Aurvana Ace 3

GIGABYTE Announces Availability of 27” QHD 280Hz WOLED Gaming Monitor MO27Q28G with 4-Sided Borderless Design
Gaming

GIGABYTE Announces Availability of 27” QHD 280Hz WOLED Gaming Monitor MO27Q28G with 4-Sided Borderless Design

Crucial ® LPCAMM2 Powers AI-Ready Laptops With Breakthrough 8,533MT/s Speeds
Enterprise & IT

Crucial ® LPCAMM2 Powers AI-Ready Laptops With Breakthrough 8,533MT/s Speeds

Logitech announces MX Master 4
Enterprise & IT

Logitech announces MX Master 4

Popular Reviews

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

Terramaster F8-SSD

Terramaster F8-SSD

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

be quiet! Pure Base 501

be quiet! Pure Base 501

Soundpeats Pop Clip

Soundpeats Pop Clip

Akaso 360 Action camera

Akaso 360 Action camera

Dragon Touch Digital Calendar

Dragon Touch Digital Calendar

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed