|17 Aug 2010||#1|
| || |
Thousands of Recently Compromised Websites Waiting to Attack
Tens of thousands of websites recently compromised in an injection attack, which employs some unusual obfuscation techniques, could start serving a malicious payload at any time.
Security researchers from the SANS Internet Storm Center (ISC) warn of a new SQL injection-like attack, which has compromised a significant number of websites.
The injected code is obfuscated inside the database using an unusual technique which involves calling the CAST() function twice to convert the string between different character sets.
First a variable @s is declared. Then the variable is defined by requesting a CAST on a string of hexadecimal values and finally the variable is executed.
The variable contains a second CAST command, which decodes to a hidden <iframe> element that calls a php script from a nemohuildiin.ru domain.
"This attack will try to update every varchar column in your database to append the iframe text shown. This has been a massive and successful attack," Manuel Humberto Santander PelŠez, the ISC handler who investigated the compromise, writes.
Thousands of Recently Compromised Websites Waiting to Attack - - Softpedia
|My System Specs|
|18 Aug 2010||#3|
| || |
more like. it changes the type and in doing so it changes non-malicious code into malicious code.
Think of it this way:
Insert Command1::"This is delicious"
Change %de% to %ma%
"This is malicious"
See it makes something that would have been delicious into something that is malicious. Now that the server is compromised, the malicious code can now access internally and allow connections or allow code to be ran.
Later on a virus is uploaded to the compromised server...
|My System Specs|
|Similar help and support threads for2: Thousands of Recently Compromised Websites Waiting to Attack|
|DDoS Attack, Changed IPs Still Under Attack||System Security|
|Recently conquered Virus/Malware attack, now BSOD returns!||BSOD Help and Support|
|Why would Firefox show "waiting for" some websites?||Browsers & Mail|
|Improper SSL Implementations Leave Websites Wide Open to Attack||Security News|
|Mass injection attack compromised 20,000+ domains, delivers fake AV||Security News|
|Attack Toolkits and Malicious Websites||Security News|
|New Drive-By Download Attack Exploits Recently Patched IE Flaw||Security News|