Slashdot Mirror


SQL Injection Attack Claims 132,000+

An anonymous reader writes "A large scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports that the injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. A Google search on the iframe resulted in over 132,000 hits as of December 10, 2009."

2 of 186 comments

  1. Re:How is SQL involved? by Anonymous Coward · Score: 0, Offtopic

    If you had read TFA, you would have seen that:

    The combined action results in checks for MDAC, OWC10, and various versions of Adobe Flash. Depending on the results, the malcode then delivers one of several possible exploits.

    Observed exploits include:
    Integer overflow vulnerability in Adobe Flash Player, described in CVE-2007-0071
    MDAC ADODB.Connection ActiveX vulnerability described in MS07-009
    Microsoft Office Web Components vulnerabilities described in MS09-043
    Microsoft video ActiveX vulnerability described in MS09-032
    Internet Explorer Uninitialized Memory Corruption Vulnerability – MS09-002.

  2. AV Detection by I)_MaLaClYpSe_(I · Score: 0, Offtopic

    According to TFA:

    Malware description
    Threatname: Backdoor.Win32.Buzus.croo
    Aliases: Trojan-PWS.Win32.Lmir (Ikarus, a-squared); TR/Hijacker.Gen (AntiVir); Trojan/Win32.Buzus.gen (Antiy-AVL); W32/Agent.S.gen!Eldorado (F-Prot, Authentium); Win32:Rootkit-gen (Avast); Generic15.CBGO (AVG); Trojan.Generic.2823971 (BitDefender, GData); Trojan.Buzus.croo (Kaspersky, QuickHeal); Trojan.NtRootKit.2909 (DrWeb); Trj/Buzus.AH (Panda).