1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

New SQL Injection Attack Infecting Machines

Discussion in 'News' started by wagnerk, Aug 13, 2008.

  1. wagnerk
    Highly Decorated Member Award

    wagnerk aka kitkatninja Moderator


    New SQL Injection Attack Infecting Machines

    A new SQL injection attack started circulating last week, and appears to have infected several thousand web servers as of late Friday evening. The attacks look similar to the one below, and attempt to query random valid files on the web server.

    The sysobjects and syscolumns tables queried are the give away: the attack is targeting machines running MSSQL server and storing the malicious HTML code in the database. It’s also possible that web servers with Sybase database backends could also conceivably be exploited, as Sybase is largely using the same SQL syntax and table structure as MSSQL server.

    The SQL statement itself scans through all of the tables in the database, inserting the attack author’s own HTML into the contents of each page. This ultimately causes the web server’s visitors to, depending on their client, be sent one of many different forms of malware from the referred pages. Similar to phishing, this attack takes advantage of the website visitor’s trust in the site they are visiting. Instead of phishing for information, however, malware is sent to the client, which the client has a higher likelihood of accepting being from a trusted site.

    Read the whole thing here.

    Certifications: CITP, PGCert, BSc, HNC, LCGI, PTLLS, MCT, MCITP, MCTS, MCSE, MCSA:M, MCSA, MCDST, MCP, MTA, MCAS, MOS (Master), A+, N+, S+, ACA, VCA, etc... & 2nd Degree Black Belt
    WIP: PGDip