An outbreak of SQL injection attacks has infected over 380,000 sites
Over 380,000 URLs have been infected with malicious scripts in a massive SQL injection attack.
The injected code has been monitored over the past week as anti-malware companies worked out what was happening. The injected code redirects users to malicious addresses such as FakeAV and RougeAV.
Evolving And Spreading
Extremely large as this attack may be, John Kuhn, a senior global Internet threat analyst at IBM Internet Security Systems, still reckons it is not yet the biggest injection attack in recent years.
“We are not seeing near the volume compared to the ‘asprox’ and ‘dnf666’ attacks,” he blogged. “The reason for this is simple, the attacks seem to source from a few choice IPs which correspond back to the site being injected into the victim’s database. The Asprox SQL Injection attack, for instance, utilised a botnet to do the mass injection, giving them far more reach and bandwidth.”
Several iTunes sites have been infected but the way iTunes works, by encoding script tags, means that users were never at risk as the code could not execute on their machines.
SQL injection seems to be enjoying a phase of popularity at the moment and earlier this week sites belonging to Oracle’s Sun and MySQL subsidiaries were infected.