Topics
Tags
Favorite Links
Translate
Pick Your Language
Security Books
Archives
Recent entries...
Twitter
Sponsored Ads
Popular Pages
Sponsored Ads
The Web Security Mailing List

« Potential risks of using Google's free DNS service? | Main | Experimenting With WASC Threat Classification Views: Vulnerability Root Cause Mapping »

132,000+ sites Compromised Via SQL Injection

Net-Security has posted an article on the discovery of 132k+ sites that have been SQL Injected. From the article

"A large scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports that the injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. A Google search on the iframe resulted in over 132,000 hits as of December 10, 2009."

The google search query string is here.

Read more: http://www.net-security.org/secworld.php?id=8604

Posted by Robert A. on 12/10/2009 in Incidents , IndustryNews | Permalink | Reddit

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!



Afaik, this query returns only pages that escape database content before display, so it's not accurate. Google overestimates number of results anyway, so the real numbers may be similar.

Posted by: lpilorz | Dec 11, 2009 12:18:49 AM

Post a comment







Remember personal info?


Copyright 2000-2009 CGISecurity.com | Privacy Policy| java mailing list| resolve ip| Mailing Lists | Sony deals