And so the SQL attacks continue…
Yep…It’s still going-and its worse than ever it seems. Hundreds of thousands of unsuspecting people are stillstumbling across perfectly legitimate websites that have been compromised by an SQL injection, and as a result are infected with a nastyTrojan.
These types of Trojans are known for changing an affected system’s local DNS and Internet browser settings, thus making the system vulnerable for even more potential threats. (Trend Micro have written a very good post explaining what happens once infected)
Therefore I thought I would take some time to mention a dew domains (courtesy of f-secure) admins should block to avoid any possible chance of infection:
- yl18.net
- www.bluell.cn
- www.kisswow.com.cn
- www.ririwow.cn
- winzipices.cn
- www.wowgm1.cn
- www.killwow1.cn
- www.wowyeye.cn
- vb008.cn
- 9i5t.cn
- computershello.cn
This is a good time to again mention that this not a vulnerability in Microsoft IIS or Microsoft SQL that is used to make this happen. If you are an administrator of a website that is using ASP/ASP.NET, you should make sure that you sanitize all inputs before you allow it to access the database.
There are many articles on how to do this such as this one. You could also have a look at URLScanwhich provides an easy way to filter this particular attack based on the length of the QueryString.
Popularity: 1%
Written by Patrick S. Read more great feeds at is source WEBSITE
no comments.
Read more articles on MS SQL and otherSoftware and Windows Server System and Windows XP and Security.
- [+] Digg: Feature this article
- [+] Del.icio.us: Bookmark this article
- [+] Furl: Bookmark this article
