Mass Hack Infects Tens of Thousands of Sites

An anonymous reader writes "Tens of thousands of Web sites have been compromised by an automated SQL injection attack, and although some have been cleaned, others continue to serve visitors a malicious script that tries to hijack their PCs using multiple exploits, security experts said this weekend. Hacked sites included both .edu and .gov domains, the SANS Institute's Internet Storm Center reported in a warning posted last Friday. The ISC also reported that several pages of security vendor CA's Web site had been infected. Roger Thompson, the chief research officer at Grisoft, pointed out that the hacked sites could be found via a simple Google search for the domain that hosts the malicious JavaScript. On Saturday, said Thompson, the number of sites that had fallen victim to the attack numbered more than 70,000. 'This was a pretty good mass hack,' said Thompson, in a post to his blog." By Sunday a second round of the same attack had infected over 90,000 servers.

Okay Hands Up...

[AndGodSed]

...those of you who thought "Awesome!"

I am no fan of malicious hacking, but my inner geek always stirs when I read something like this, much like watching someone in the real world accomplishing an amazing but insane feat, like those guys with the squirrel suits base-jumping, or something *cough*

Question, where any *nix or L*X machines compromised? Might be a dumb question, so bash me all you want if it was...

Re:Okay Hands Up...

[berashith]

Even if it is an ad, they are apparently very good at what they do. I mean, infecting this many machines this quickly just so their product is needed... they are hella smart.

Re:Okay Hands Up...

[0100010001010011]

Yes, sounds like someone didn't Sanitize their input.

If only they had little Bobby Tables doing the testing.

Phew! Nothing to see here!

[thechanklybore]

Woah, I was almost worried for a second before I read it was Microsoft specific!

My darling Apache and PostgreSQL may you never let evildoers overflow your fair buffers.

*wipes brow*

Re:Phew! Nothing to see here!

[bberens]

Microsoft has saved us all once again. If Microsoft had not trained developers all across the world to use it's proprietary extensions rather than ANSI compatible SQL then something important might have been hit by this attack rather than poorly coded webapps running MSSQL. Thank you Microsoft for taking this bullet for us.

/too thick?

Re:this kinda of crap anin't gonna stop until:

[Antique+Geekmeister]

That's right. Just make sure it has a GPL or possibly an Apache license, and your security status will improve quite a bit.

Re:The aim of the hack

[LiquidCoooled]

AV firms came back to work yesterday ;)
They had a 2 week holiday.

Re:well then it ain't gonna stop

[John+Hasler]

> There's not nearly enough digital signing, even from reputable sources, to make "No
> signatrue? No execute" work. You can't get the things you want by applying this policy,
> and because people don't apply the policy, nobody bothers to go through the effort of
> signing.

I install only signed code and I get everything I want. I use Debian.

Re:SQL injection

[Fizzl]

sql injection to gain root

I will gnaw my leg of if this dribble gets modded up.

Just One Example

[soloport]

Here are more details on how such an attack can take place, and the devastation it can cause.

Re:So what does it do?

[mrdarreng]

Any idea? No fucking clue, but it managed to break out of slashdot's layout in FF. That's some powerful code!