Websense has a complete write up the attack, dubbed 'LizaMoon,' but here's the basic gist: it looks like someone is exploiting a vulnerabilty (or vulnerabilities) in hundreds of thousands of websites running on Microsoft SQL Server 2003 and 2005. It's not yet known whether this is a vulnerability in SQL Server, or simply a case of outdated, unmaintained, and easily-exploitable CMSes.
The real problem with SQL injection attacks is that there's nothing we surfers can do about them. There will always be old and unmaintained websites, and thus SQL injections will remain one of the easiest and most lucrative tools of hackers and spammers alike. All you can do is keep your antivirus and anti-malware software up to date, and pray.
Gargantuan SQL injection infects 3.8 million URLs, installs rogue antivirus originally appeared on Download Squad on Fri, 01 Apr 2011 05:30:00 EST. Please see our terms for use of feeds.
Permalink | Email this | Comments
Iron Mountain Inorated Iomega Intuit Intersections International Rectifier International Game Technology
Post a Comment