Mass Hack Infects Tens of Thousands of Sites
An anonymous reader writes "Tens of thousands of Web sites have been compromised by an automated SQL injection attack, and although some have been cleaned, others continue to serve visitors a malicious script that tries to hijack their PCs using multiple exploits, security experts said this weekend. Hacked sites included both .edu and .gov domains, the SANS Institute's Internet Storm Center reported in a warning posted last Friday. The ISC also reported that several pages of security vendor CA's Web site had been infected. Roger Thompson, the chief research officer at Grisoft, pointed out that the hacked sites could be found via a simple Google search for the domain that hosts the malicious JavaScript. On Saturday, said Thompson, the number of sites that had fallen victim to the attack numbered more than 70,000. 'This was a pretty good mass hack,' said Thompson, in a post to his blog." By Sunday a second round of the same attack had infected over 90,000 servers.
How's that foot taste, you twat? If you'd RTFA, you'd see that the exploit added scripts to *malware sites* to the affected sites. GP was talking about the users of those sites being protected from the malware.
PLEASE forget to breed, in the name of evolution.
I admire your and others' attempts to inform the masses on the real issue here, but the ignorant masses are out in force on this one and this giant anti-Microsoft circle jerk will not be stopped.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
FTA: "It's possible that only Microsoft SQL Server databases were hacked with this particular version of the robot since the script relies on the sysobjects table that this database contains."
I think that's a relevant aspect to report. This is yet another MS-based vulnerability. It also makes sense since IIS servers are more likely to be serving the much less secure IE client.