windshell
Site Admin
Joined: 18 Jan 2007
Posts: 59
|
 Posted: 05/02/08 - 10:50 Post subject: SQL Injections - newest threat for thousands of sites |
 |
|
SQL Injections are newest threat for thousands of sites and online gamers
The dynamic nature of websites, powered by back-end databases made thousands of them possible targets for injections of malicious code.
Three domains have been found to host malicious exploits that hit users while they searching the Internet. Those sites are: nmidahena.com, aspder.com and nihaorr1.com. Links to this content are turning up in thousands of links to otherwise innocent websites, thanks to almost unstoppable outbreak of SQL injection attacks.
Approximately 510,000 pages are affected by the attacks on a variety of sites.
Point of this attacks is that the bad people want to drop a Trojan on victims’ systems. Victims are usually online gamers. With ten million players alone on World of Warcraft, and thousands more on other online games, such Trojans could grab login credentials and steal billing information or in-game valuables.
It’s been found that those attacks now seek out all of the text fields in the database, adding a link to malicious JavaScript to them. The attackers especially look for .asp and .aspx pages.
Any site that offers the ability of content upload, from blogs to forum, could be at risk from the attacks. It’s been suggested however, that webmasters often check their server logs for a section of the injection code they listed in this latest post about the attacks. If it's present, the database needs to be cleaned up, and the application fixed to sanitize incoming content.
News Source:
ientry.com |
|
