Automated attacks spread across government and education environments as well as commercial sites

Dark Reading Staff, Dark Reading

January 8, 2008

An automated SQL injection attack has caused as many as 70,000 Websites to steer users toward malicious code over the last few days, according to researchers.

The attack adds a JavaScript tag to every piece of text in a Website's SQL database, the researchers said. The tag instructs any browser that reaches the site to execute the script hosted on the malicious server.
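A defender-side check for the pattern described above, as an added example that is not from the article or the researchers it quotes: it walks every text column in a database and reports script tags that load from hosts outside an allowlist. SQLite stands in for the site's database so the block runs offline; the table names, the hosts, and the `own_hosts` allowlist parameter are constructed for illustration.

```python
import re
import sqlite3
from collections import Counter
from urllib.parse import urlparse

# Matches <script ... src=...> with a quoted or unquoted src value.
SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)

def text_columns(conn):
    """Yield (table, column) for every text-typed column in the database."""
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        for _, col, ctype, *_ in conn.execute(f'PRAGMA table_info("{table}")'):
            if any(t in ctype.upper() for t in ("CHAR", "TEXT", "CLOB")):
                yield table, col

def scan(conn, own_hosts):
    """Return (hits, host_counts) for script tags loading from hosts not in own_hosts."""
    hits, hosts = [], Counter()
    for table, col in text_columns(conn):
        query = f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" LIKE ?'
        for rowid, value in conn.execute(query, ("%<script%",)):
            for src in SCRIPT_SRC.findall(value):
                host = (urlparse(src).hostname or "").lower()
                if host and host not in own_hosts:  # relative URLs have no host
                    hits.append((table, col, rowid, host))
                    hosts[host] += 1
    return hits, hosts

def build_sample():
    """Constructed sample data; hosts use the reserved .example/.invalid TLDs."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title VARCHAR(200), body TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, age INTEGER);
    """)
    tag = '<script src="http://injected.invalid/x.js"></script>'
    conn.executemany("INSERT INTO articles (title, body) VALUES (?, ?)", [
        ("Welcome" + tag, "Hello" + tag),
        ("Widgets", '<script src="https://www.site.example/app.js"></script>Body'),
        ("Plain", "No markup here"),
    ])
    conn.execute("INSERT INTO users (name, age) VALUES (?, ?)", ("alice" + tag, 30))
    return conn

if __name__ == "__main__":
    hits, hosts = scan(build_sample(), own_hosts={"www.site.example"})
    print(*hits, sep="\n")
    print(hosts.most_common())
```

A single off-site host appearing across many unrelated tables and columns is the signature of this kind of mass injection; the per-host counts make that visible at a glance.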

The automated attack hit a broad range of Websites, researchers said. "This was a pretty good mass-hack," said Roger Thompson, a researcher at Exploit Prevention Labs -- now a part of Grisoft -- in his blog. "It wasn't just that they got into a server farm, as the victims were quite diverse, with presumably the only common point being whatever vulnerability they all shared."

The SANS Institute's Internet Storm Center said the attack hit government and educational institutions as well as commercial sites. The SQL injection attack may also have played a part in the security problems experienced by Computer Associates over the weekend, SANS said.

Ironically, the attack was launched using an old client vulnerability, and it has been relatively easy to clean up, Thompson said.

"The only exploit we were able to [discover] was the venerable MS06-014 (MDAC) patched in September 2006," Thompson said. "What this means is that [the attackers] went to the trouble of preparing a good Website exploit, and a good mass-hack, but then used a mouldy [sic] old client exploit. It's almost a dichotomy."

— Tim Wilson, Site Editor, Dark Reading
