Slashdot Mirror

← Back to Stories (view on slashdot.org)

500 Thousand MS Web Servers Hacked

Posted by kdawson on from the scream-and-shout dept.

andrewd18 writes "According to F-Secure, over 500,000 webservers across the world, including some from the United Nations and UK government, have been victims of a SQL injection. The attack uses an SQL injection to reroute clients to a malicious javascript at nmidahena.com, aspder.com or nihaorr1.com, which use another set of exploits to install a Trojan on the client's computer. As per usual, Firefox users with NoScript should be safe from the client exploit, but server admins should be alert for the server-side injection. Brian Krebs has a decent writeup on his Washington Post Security Blog, Dynamoo has a list of some of the high-profile sites that have been hacked, and for fun you can watch some of the IIS admins run around in circles at one of the many IIS forums on the 'net."

2 of 332 comments (clear)

  1. Re:Bias? by plague3106 · · Score: 0, Flamebait

    Well, this is /., home of OSS FUD.

  2. Re:This site makes me sick by javilon · · Score: 0, Flamebait

    Maybe it has to do with the average quality of windows sysadmins and programmers. You can do us all a favor and whack their heads.

    But, with 500,000 websites hacked, you have a lot of whacking to do...

    --


    When his defense asked, "Which computer has Jon Johansen trespassed upon?" the answer was: "His own."