SANS warns of uptick in 'Lilupophilupop' attack, but Cisco said total number of infected Web pages likely lower.
Another SQL injection campaign is literally going viral, with some 1 million URLs possibly infected.
The SANS Internet Storm Center over the weekend counted some 1,070,000 URLs injected with the so-called lilupophilupop.com malware. That's up from 80 pages it had found in early December, according to SANS ISC handler Mark Hofman.
The attackers compromise sites via SQL injection, and it appears to have hit sites worldwide, with the most infections in The Netherlands "NL" domain, with 123,000, and includes some .com and .org sites, as well.
"At the moment it looks like it is partially automated and partially manual. The manual component and the number of sites infected suggests a reasonable size work force or a long preparation period," Hofman said in his blog post on the attack.
But the 1 million URL number might be inflated, said Mary Landesmann, senior security researcher for ScanSafe, which is part of Cisco. That count could include pages also discussing the attacks, she said. "As a result, there is always a huge 'increase' after an initial public report is made. In other words, counting the number of results from a search engine isn’t a good or viable means of measuring the breadth of a compromise," Landesmann said.
Published: 2015-06-02 Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.
Published: 2015-06-02 The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of request.
Published: 2015-06-02 Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors.
From Target to Sony to Anthem, they are happening all around you: the “big” data breaches that compromise critical data and threaten the welfare of the corporate brand. Is your organization ready to respond?