Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mass SQL Injection Attack Hits Sites Running IIS

Posted by Soulskill on from the oft-repeated-headlines dept.

Trailrunner7 writes "There's a large-scale attack underway that is targeting Web servers running Microsoft's IIS software, injecting the sites with a specific malicious script. The attack has compromised tens of thousands of sites already, experts say, and there's no clear indication of who's behind the campaign right now. The attack, which researchers first noticed earlier this week, already has affected a few high-profile sites, including those belonging to The Wall Street Journal and The Jerusalem Post. Some analyses of the IIS attack suggest that it is directed at a third-party ad management script found on these sites."

3 of 288 comments (clear)

  1. I suspect.... by 8127972 · · Score: 0, Troll

    ... That the volume of Apache and PHP downloads are about to go up.

    --
    This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
    1. Re:I suspect.... by Foofoobar · · Score: 1, Troll

      Honestly, no sql injection attack affecting THOUSANDS of sites and THOUSANDS of systems on Apache systems. Yes. Singular attacks by bonehead developer who don't know their head from a singularity. But Microsoft seems to have a record for allowing these things to continue to occur on THOUSANDS of system over and over (ie Code Red, Nimda, etc etc).

      While Apache (which is installed on nearly twice as many systems) still remains far more secure and you never hear of anything like this happening on Linux or Apache systems. So yes, I'd say Apache is pretty darn immune from not only this kind of attack but from your sarcasm as well.

      --
      This is my sig. There are many like it but this one is mine.
  2. Defiantone64 by DefiantOne64 · · Score: 0, Troll

    why is anybody running IIS anyway... Is this not another outdated technology from mickey$oft.