Tag Archives: sql injection

SQL injection attack claims 132,000+

Filed under Hacks

A large-scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports that the injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. A Google search on the iframe resulted in over 132,000 hits as of December 10, 2009.

Full article at: Help Net Security

Unu hits Kaspersky a second time with SQL Injection disclosure

Filed under Hacks

Unu, who has gained a good deal of attention lately, is known for his vulnerability disclosures that center on SQL Injection. In his latest adventures, he returns to a vendor he has targeted in the past, security software specialist Kaspersky.

In February, Unu went public on HackersBlog and disclosed the SQL Injection flaws he had discovered on Kaspersky’s USA portal. The flaws, which led to complete access to users, activation codes, lists of bugs, admins, shopping, etc., were quickly patched, and Kaspersky was quick to point out that, “despite their attempts, the hackers were unable to gain access to restricted information stored on the website. Claims by the hackers responsible for the attack that they had managed to gain access to user data are untrue.”

Read more: The Tech Herald

Police website hit by SQL injection as commentators claim it is due to budget-restricted web development

Filed under Hacks, Security

The hacking of a police website earlier this week is indicative of a lack of secure website development.

Phil Neray, vice president of security strategy for Guardium, claimed that SQL injection is a big problem worldwide, and restricted budgets mean organisations are unable to hire the most sophisticated web developers, which results in security flaws like SQL injection.

The Durham police website was hacked earlier this week with messages posted protesting over terrorist-related deaths in Pakistan. A spokesperson for Durham police told BBC News that an investigation was now under way and the ‘offending matter’ was being removed by computer specialists. A spokesman said: “We are aware of a problem with the force website and the offending matter is being removed. An investigation into how this occurred is under way.”

Neray said: “Since it’s now fairly easy to download automated toolkits for finding these flaws, almost anyone can perform these attacks, including politically-minded cybervandals.”

Source: SC Magazine UK