Home Code Snippets Oracle Reference Oracle Functions Oracle Error Codes Forum Oracle Jobs Oracle Blogs

Massive SQL Injection Attack Nails Sites Running IIS

There's a massive attack currently taking place that's targeting servers running Microsoft's IIS. The attack results in infecting the sites with a malicious script, and has already compromised "tens of thousands" of sites already, according to an article on threatpost.com. The attack was first noticed earlier this week and has  affected a number of high-profile sites, including those belonging to The Wall Street Journal, The Jerusalem Post, and the ServiceWomen.org site.

Experts say that an analysis of the attack points to the possibility that it takes advantage of a third-party ad management script used on the sites. The ad management script does not (apparently) properly sanitize incoming variables. According to Google over 114,000 different pages have been infected. The common factor appears to be that they are all hosted on IIS servers and using ASP.net.

More coverage:
http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html

http://threatpost.com/en_us/blogs/mass-sql-injection-attack-hits-sites-running-iis-061010

This entry was posted in Uncategorized and tagged , , , , . Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Spam Protection by WP-SpamFree