Slashdot Mirror


SQL Injection Attack Claims 132,000+

An anonymous reader writes "A large-scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports that the injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. A Google search on the iframe resulted in over 132,000 hits as of December 10, 2009."

7 of 186 comments

  1. Re:hey by jo42 · Score: 4, Funny

    dd if=/dev/zero of=/dev/sda bs=8192 will fix it.

  2. Re:hey by Yvan256 · Score: 4, Funny

    Call a comedy club and get your computer on stage?

  3. Re:Details? by Yvan256 · Score: 4, Insightful

    But a Trojan needs user access and approval to get installed. No OS on the planet can protect itself from a user with the admin password.

  4. Re:Details? by Bert64 · Score: 4, Funny

    Windows 9x used to do a pretty good job, can't own a system once it's bluescreened.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!

  5. Re:Windoze by TheNinjaroach · Score: 5, Informative

    All I can tell (from TFA), is it affects Windows servers.

    SQL injection attacks affect any number of platforms. It's not a Windows problem, it's not a database problem, it's a "we hired cheap, unskilled developers" problem.

    Now the people who browse these sites and get hit with malware, that looks to be specific to Windows.

    --
    I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..

  6. Obvious, but needs to be said by GreenTom · Score: 4, Informative

    Add to windows\system32\drivers\etc\hosts:

    127.0.0.1 318x.com

    And you should be safe, for the moment.

  7. Re:Details? by LordKaT · Score: 5, Insightful

    Even still, this blog post is fucking useless. What CMS? What input is not being validated? Is it an underlying problem with Drupal? Wordpress? Joomla? What version?

    On top of that, it doesn't give any recommendations for what end users could do to protect themselves. Does anti-virus software already detect it? Can you simply alter your hosts file? Disable JavaScript?

    The blog post is completely fucking useless.
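
For site owners checking whether their own stored content carries the injected iframe the summary describes, a scan along these lines can be run over CMS text columns or saved pages. This is an added example, not part of the original thread or the ScanSafe report; the row layout, sample rows and function names are assumptions, and only the domain 318x.com comes from the story.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BLOCKED_DOMAINS = {"318x.com"}  # the domain named in the story summary

class SrcCollector(HTMLParser):
    """Collect (tag, src) for every iframe and script element."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        if tag in ("iframe", "script"):
            self.sources += [(tag, v.strip()) for k, v in attrs if k == "src" and v]

def host_of(src):
    """Host of an absolute or protocol-relative URL; '' for relative paths."""
    try:
        return (urlsplit(src).hostname or "").rstrip(".")
    except ValueError:  # malformed URL such as an unclosed IPv6 bracket
        return ""

def is_blocked(host):
    # Exact match or subdomain only, so not318x.com is not flagged.
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def scan_rows(rows):
    """rows: iterable of (row_id, html_text). Returns [(row_id, tag, src)] hits."""
    hits = []
    for row_id, text in rows:
        parser = SrcCollector()
        parser.feed(text)
        parser.close()
        hits += [(row_id, tag, src) for tag, src in parser.sources
                 if is_blocked(host_of(src))]
    return hits

# Constructed sample rows (hypothetical CMS content table), not data from the incident.
SAMPLE_ROWS = [
    (1, '<p>Welcome</p><script src="/static/app.js"></script>'),
    (2, 'Blurb<iframe src=http://318x.com/a.htm width=0 height=0></iframe>'),
    (3, '<IFRAME SRC="//WWW.318X.COM/x"></IFRAME>'),
    (4, '<iframe src="http://not318x.com/"></iframe>'),
    (5, '<p>Discussion of 318x.com in plain text</p>'),
]

if __name__ == "__main__":
    for hit in scan_rows(SAMPLE_ROWS):
        print(hit)
```

Parsing the markup instead of grepping for the domain string keeps plain-text mentions (row 5) and look-alike hosts (row 4) out of the results while still catching unquoted and protocol-relative `src` values.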