Slashdot Mirror

← Back to Stories (view on slashdot.org)

SQL Injection Attack Claims 132,000+

Posted by CmdrTaco on from the check-yer-code-people dept.

An anonymous reader writes "A large scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports that the injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. A Google search on the iframe resulted in over 132,000 hits as of December 10, 2009."

3 of 186 comments (clear)

  1. Re:Windoze by TheNinjaroach · · Score: 5, Informative

    All I can tell (from TFA), is it affects Windows servers.

    SQL injection attacks affect any number of platforms. It's not a Windows problem, it's not a database problem, it's a "we hired cheap, unskilled developers" problem.

    Now the people who browse these sites and get hit with malware, that looks to be specific to Windows.

    --
    I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
  2. Obvious, but needs to be said by GreenTom · · Score: 4, Informative

    Add to windows\system32\drivers\etc\hosts:

    127.0.0.1 318x.com

    And you should be safe, for the moment.

  3. Re:Let's say it all together now... by Vellmont · · Score: 3, Informative


    validate your SQL inputs before posting them against an Internet-facing database.

    Or simply use prepared statements (or whatever the equivalent term is in your language of choice). Prepared statements are far safer and easier than trying to validate all the current potential and future potential for breaking out of a SQL statement. It won't protect you from people putting in their own parameters into your SQL statement (like say someone elses userID), but that's a different class of vulnerability.

    --
    AccountKiller