SANS warns of uptick in 'Lilupophilupop' attack, but Cisco said total number of infected Web pages likely lower.
Another SQL injection campaign is literally going viral, with some 1 million URLs possibly infected.
The SANS Internet Storm Center over the weekend counted some 1,070,000 URLs injected with the so-called lilupophilupop.com malware. That's up from 80 pages it had found in early December, according to SANS ISC handler Mark Hofman.
The attackers compromise sites via SQL injection, and it appears to have hit sites worldwide, with the most infections in The Netherlands "NL" domain, with 123,000, and includes some .com and .org sites, as well.
"At the moment it looks like it is partially automated and partially manual. The manual component and the number of sites infected suggests a reasonable size work force or a long preparation period," Hofman said in his blog post on the attack.
But the 1 million URL number might be inflated, said Mary Landesmann, senior security researcher for ScanSafe, which is part of Cisco. That count could include pages also discussing the attacks, she said. "As a result, there is always a huge 'increase' after an initial public report is made. In other words, counting the number of results from a search engine isn’t a good or viable means of measuring the breadth of a compromise," Landesmann said.
Dark Reading Tech Digest, Dec. 19, 2014Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Published: 2015-01-23 The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.
Published: 2015-01-23 OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quote and cause a denial of service (disk consumption) by deleting an image in the saving state.
Published: 2015-01-23 Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.