New
#11
I visit all websites and I don't have any malware.
A lot of the affected domains were legitimate: Over 62,000 New URLs Serving Exploit Cocktail - Vulnerable visitors get infected with backdoors and info stealing trojans - Softpedia
You can find many supposedly legitimate websites listed on host files.
If I search for that string without quotes I receive 32,600 results. With quotes 158,000.
The article is nearly a year old.
I found one website still containing the code (I only checked a few). The domain hosting the script is thankfully down.
Edit: According to http://siteanalytics.compete.com one of the legitimate affected websites had 150,000 unique visits during August 2009.
Last edited by malexous; 25 Jul 2010 at 22:07.
Without quotes in Google I get 1,440 hits. With quotes I get 10,200 hits. MOST of these are all people asking about it, not actual websites with the embedded script.
When digging I could only find portal/forum based websites as these are most susceptible, the DotNetNuke portal for example: Script Injection on DNN 4.9.4 - Administration and Configuration - DotNetNuke
Of course people running portals and forums should be protecting themselves against SQL injections anyway but it doesn't seem like any real (or major) websites were affected.
I was searching at Google.ie | I get the same results as you at Google.com
The most major affected website was probably feedzilla.com (it's clean now).
Many major websites have been or are vulnerable to different attacks.
Google, Symantec, Ebay, Intel, MPAA, Kaspersky, Avast, ESET, RIAA, U.S. Bank, Bank of America, McAfee, AVG, F-Secure, Avira, Paypal, etc.
Thanks to Team Elite.
Other major websites have been exploited maliciously and non-maliciously. Incidents - News - page 1 - Softpedia
Edit: I remember reading about a news site being attacked. This is probably it: Mass Web attack hits Wall Street Journal, Jerusalem Post
Last edited by malexous; 25 Jul 2010 at 23:52.
Curious...I'm no hacker but I do have experience on websites, primarily using PHP based portals with SQL backends.
How is a SQL injection (adds information into database) going to modify HTML code of a website? HTML (or even PHP) is generally stagnant and permissions are set so that you'd need something like FTP permission to modify them. I have experience with an SQL injection a couple times on a website I ran. It forced me to use NukeSentinel on top of my web portal. After I installed that the SQL attacks stopped (NS can ban IP addresses attempting scripts against your website) so then my website was DDOSed.
Anyway, I'm confused at the articles pointing to SQL injections modifying HTML code.
I guess the debate would be whether you trust the admin of the website you are visiting? Did they go the extra mile to protect their databases?
I think it's your choice to have it or not.
But, every little bit of protection helps. If it stops even one bug from getting on your system, then it's been worth it.