Latest SQL Injection Campaign Infects 1 Million Web Pages

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/232301285/latest-sql-injection-campaign-infects-1-million-web-pages.html

By Kelly Jackson Higgins
Dark Reading
Jan 04, 2012

Another SQL injection campaign is literally going viral, with some 1 
million URLs possibly infected.

The SANS Internet Storm Center over the weekend counted some 1,070,000 
URLs injected with the so-called lilupophilupop.com malware. That's up 
from 80 pages it had found in early December, according to SANS ISC 
handler Mark Hofman.

The attackers compromise sites via SQL injection with this string: ">. 
It appears to have hit sites worldwide, with the most infections in The 
Netherlands "NL" domain, with 123,000, and includes some .com and .org 
sites, as well.

"At the moment it looks like it is partially automated and partially 
manual. The manual component and the number of sites infected suggests a 
reasonable size work force or a long preparation period," Hofman said in 
his blog post on the attack.

But the 1 million URL number might be inflated, says Mary Landesmann, 
senior security researcher for ScanSafe, which is part of Cisco. That 
count could include pages also discussing the attacks, she says. "As a 
result, there is always a huge 'increase' after an initial public report 
is made. In other words, counting the number of results from a search 
engine isn’t a good or viable means of measuring the breadth of a 
compromise," Landesmann says.

[...]

_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn