Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Thousands of Recently Compromised Websites Waiting to Attack

17 Aug 2010   #1

Win 7 Ultimate 64-bit. SP1.
Thousands of Recently Compromised Websites Waiting to Attack


Tens of thousands of websites recently compromised in an injection attack, which employs some unusual obfuscation techniques, could start serving a malicious payload at any time.

Security researchers from the SANS Internet Storm Center (ISC) warn of a new SQL injection-like attack, which has compromised a significant number of websites.

The injected code is obfuscated inside the database using an unusual technique which involves calling the CAST() function twice to convert the string between different character sets.

First a variable @s is declared. Then the variable is defined by requesting a CAST on a string of hexadecimal values and finally the variable is executed.

The variable contains a second CAST command, which decodes to a hidden <iframe> element that calls a php script from a domain.

"This attack will try to update every varchar column in your database to append the iframe text shown. This has been a massive and successful attack," Manuel Humberto Santander PelŠez, the ISC handler who investigated the compromise, writes.

More -
Thousands of Recently Compromised Websites Waiting to Attack - - Softpedia

My System SpecsSystem Spec
18 Aug 2010   #2
Layback Bear

Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64

JMH I think I get it. It is a backdoor code that does nothing but tell another infection that has been install but sleeping to start running. Is that what all that means?
My System SpecsSystem Spec
18 Aug 2010   #3

Win7 Home Premium 64x

more like. it changes the type and in doing so it changes non-malicious code into malicious code.

Think of it this way:

Insert Command1::"This is delicious"
Change %de% to %ma%
Run Command1::

"This is malicious"

See it makes something that would have been delicious into something that is malicious. Now that the server is compromised, the malicious code can now access internally and allow connections or allow code to be ran.

Later on a virus is uploaded to the compromised server...
My System SpecsSystem Spec


 Thousands of Recently Compromised Websites Waiting to Attack

Thread Tools

Similar help and support threads
Thread Forum
Recently conquered Virus/Malware attack, now BSOD returns!
Hello, Heres what went down. I used to get the BSOD before, but it was easily remedied by system restore and it was over. Well day before yesterday I got that nasty FBI Moneypak Ransomware Virus, I soon conquered that and spent the last two days on a crusade. I have ran every version of...
BSOD Help and Support

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 10:31.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App