Attacks/Breaches
1/5/2012
01:49 PM
Connect Directly
RSS
E-Mail
50%
50%

SQL Injection Hack Infects 1 Million Web Pages

SANS warns of uptick in 'Lilupophilupop' attack, but Cisco said total number of infected Web pages likely lower.

Another SQL injection campaign is literally going viral, with some 1 million URLs possibly infected.

The SANS Internet Storm Center over the weekend counted some 1,070,000 URLs injected with the so-called lilupophilupop.com malware. That's up from 80 pages it had found in early December, according to SANS ISC handler Mark Hofman.

The attackers compromise sites via SQL injection, and it appears to have hit sites worldwide, with the most infections in The Netherlands "NL" domain, with 123,000, and includes some .com and .org sites, as well.

"At the moment it looks like it is partially automated and partially manual. The manual component and the number of sites infected suggests a reasonable size work force or a long preparation period," Hofman said in his blog post on the attack.

But the 1 million URL number might be inflated, said Mary Landesmann, senior security researcher for ScanSafe, which is part of Cisco. That count could include pages also discussing the attacks, she said. "As a result, there is always a huge 'increase' after an initial public report is made. In other words, counting the number of results from a search engine isn’t a good or viable means of measuring the breadth of a compromise," Landesmann said.

Read the rest of this article on Dark Reading.

Read our report on how to guard your systems from a SQL attack. Download the report now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0914
Published: 2014-07-30
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management f...

CVE-2014-0915
Published: 2014-07-30
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8...

CVE-2014-0947
Published: 2014-07-30
Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.

CVE-2014-0948
Published: 2014-07-30
Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.

CVE-2014-2356
Published: 2014-07-30
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.

Best of the Web
Dark Reading Radio