New SQL Attacks Targeting MSSQL Servers
A new SQL injection attack that began circulating during the first week of August 2008 has reportedly passed infection onto thousands of Web servers, according to Security Researchers at F-Secure. Also, the attack seems to randomly find active files that might be stored on these servers.
The researchers also said that the malware attack target systems running MSSQL server as well as maintaining a malicious HTML code in database. Furthermore, it is possible that servers with Sybase database could be exploited as it largely utilizes the same SQL table structure and syntax as MSSQL server uses.
Besides, the SQL statement itself goes through all the tables in the database and incorporates the attacker's HTML into the pages...
» SPAMfighter News - 23-08-2008