Massive SQL injection attack has compromised nearly 200, 000 ASP.Net sites

[InfoSec News <alerts () infosecnews org>]

http://www.networkworld.com/news/2011/101911-sql-injection-attack-252188.html

By Julie Bort
Network World
October 19, 2011

Hackers are in the midst of a massively successful SQL injection attack 
targeting websites built on Microsoft's ASP.Net platform. About 180,000 
pages have been affected so far, security researchers say.

Attackers have planted malicious JavaScript on ASP.Net sites that causes 
the browser to load an iframe with one of two remote sites: 
www3.strongdefenseiz.in and www2.safetosecurity.rr.nu, according to 
security researchers at Armorize who discovered the attack. From there, 
the iframe attempts to plant malware on the visitor's PC via a number of 
browser drive-by exploits.

A drive-by exploit will load malware without a visitor's knowledge or 
participation (no need to open a file or click on a link). Fortunately, 
the attackers are using known exploits, with patches available, so the 
attack can only be successful if a visitor is using an outdated, 
unpatched browser without the latest version of Adobe PDF or Adobe Flash 
or Java.

Unfortunately, Armorize says that only a few of the most popular 
antivirus vendors can detect the dropped malware, according to the 
Virustotal web site. Virtustotal is a security monitoring service 
offered by Hispasec Sistemas that analyzes suspicious files and URLs. At 
this time, it says that six antivirus packages out of the 43 it monitors 
can detect this latest SQL injection attack. These are AntiVir, 
ByteHero, Fortinet, Jiangmin, McAfee and McAfee-GW-Edition.

[...]


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn