New SQL Injection Attack Infecting Machines
A new SQL injection attack started circulating last week, and appears to have infected several thousand web servers as of late Friday evening. The attacks look similar to the one below, and attempt to query random valid files on the web server.
The sysobjects and syscolumns tables queried are the give away: the attack is targeting machines running MSSQL server and storing the malicious HTML code in the database. Its also possible that web servers with Sybase database backends could also conceivably be exploited, as Sybase is largely using the same SQL syntax and table structure as MSSQL server.
The SQL statement itself scans through all of the tables in the database, inserting the attack authors own HTML into the contents of each page. This ultimately causes the web servers visitors to, depending on their client, be sent one of many different forms of malware from the referred pages. Similar to phishing, this attack takes advantage of the website visitors trust in the site they are visiting. Instead of phishing for information, however, malware is sent to the client, which the client has a higher likelihood of accepting being from a trusted site.
Read the whole thing here.