Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mass Hack Infects Tens of Thousands of Sites

Posted by kdawson on from the stay-safe-out-there dept.

An anonymous reader writes "Tens of thousands of Web sites have been compromised by an automated SQL injection attack, and although some have been cleaned, others continue to serve visitors a malicious script that tries to hijack their PCs using multiple exploits, security experts said this weekend. Hacked sites included both .edu and .gov domains, the SANS Institute's Internet Storm Center reported in a warning posted last Friday. The ISC also reported that several pages of security vendor CA's Web site had been infected. Roger Thompson, the chief research officer at Grisoft, pointed out that the hacked sites could be found via a simple Google search for the domain that hosts the malicious JavaScript. On Saturday, said Thompson, the number of sites that had fallen victim to the attack numbered more than 70,000. 'This was a pretty good mass hack,' said Thompson, in a post to his blog." By Sunday a second round of the same attack had infected over 90,000 servers.

8 of 259 comments (clear)

  1. Not surprised by Anonymous Coward · · Score: -1, Troll

    Why am I not surprised to find everyone's favorite evil software monopoly's SQL server is the one being attacked?

    1. Re:Not surprised by Anonymous Coward · · Score: -1, Troll

      Mother fucking ponies. When will they ever learn

      Microsoft are full of child fuckers and wife beaters, you honestly expect them to produce safe software?

      When will people fucking learn

  2. SQL injection by hesaigo999ca · · Score: -1, Troll

    Nothing new, this seems like the same old story over and over, sql injection to gain root, once u got it, then u got it for good, redirects to a web site with hacker friendly code, voila , you got malware. I am surprised that this is something still making news. I guess for the next generation of pc users, we need to educate them. I always said owning a computer is like ownign a car, you would never use a car without knowing how to drive, although you did buy the car. Same applies for computers, or in this case web development. Not because someone can throw some html and asp together that it makes them a web programmer....

    Anyways I am just rambling as usual, go ahead troll me...

    "the best way to predict the future is to invent it!"

  3. Re:Okay Hands Up... by renegadesx · · Score: 1, Troll

    An above poster (and some fan of paedophelia and wife bashing) seem to think its M$ SQL Servers that got hit

    At the same time it could just be flaming

    --
    Make SELinux enforcing again!
  4. You jFail It by Anonymous Coward · · Score: -1, Troll

    salews andQ so on, bought the farm....

  5. Re:Good acts of violence by zaydana · · Score: 0, Troll

    But what about when you have to clean up a nice girl's computer?

    I say congrats to the guys who made this, and keep up the good work!

  6. Re:this kinda of crap anin't gonna stop until: by element-o.p. · · Score: 0, Troll
    Huh. Kinda sounds like...:

    #!/usr/bin/perl -Tw
    use strict;
    ...

    That's one of the big reasons I like Perl so much :)
    --
    MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
  7. Re:Phew! Nothing to see here! by Mister+Whirly · · Score: 0, Troll

    Wow, your informative well thought out post was so incredible, I just had a brain aneurysm processing the wealth of intelligence it contained. You obviously understand programming, especially platform-independent programming, so well it is scary. It is just not fair that one AC should have so much divine knowledge.

    Or you could just be a total trolling choad who has no concept of back-end and front-end when it comes to databases.

    --
    "But this one goes to 11!"