New SQL Injection Attack Infecting Machines

Discussion in 'News' started by Kitkatninja, Aug 13, 2008.

  1. Kitkatninja
    Highly Decorated Member Award 500 Likes Award

    Kitkatninja aka me, myself & I Moderator

    11,140
    555
    383

    New SQL Injection Attack Infecting Machines



    A new SQL injection attack started circulating last week, and appears to have infected several thousand web servers as of late Friday evening. The attacks look similar to the one below, and attempt to query random valid files on the web server.

    The sysobjects and syscolumns tables queried are the give away: the attack is targeting machines running MSSQL server and storing the malicious HTML code in the database. It’s also possible that web servers with Sybase database backends could also conceivably be exploited, as Sybase is largely using the same SQL syntax and table structure as MSSQL server.

    The SQL statement itself scans through all of the tables in the database, inserting the attack author’s own HTML into the contents of each page. This ultimately causes the web server’s visitors to, depending on their client, be sent one of many different forms of malware from the referred pages. Similar to phishing, this attack takes advantage of the website visitor’s trust in the site they are visiting. Instead of phishing for information, however, malware is sent to the client, which the client has a higher likelihood of accepting being from a trusted site.

    Read the whole thing here.

    -Ken
     
    Certifications: MSc, PGDip, PGCert, BSc, HNC, LCGI, MBCS CITP, MCP, MCSA, MCSE, MCE, A+, N+, S+, Server+
    WIP: MSc Cyber Security
porta2_tags:

Comments

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.