A New Hack Attack Hits Apple.com
According to news published by The Register on August 17, 2010, a hack attack that exposes users to malware exploits has corrupted over 1 million webpages, including at least two belonging to Apple.
Websites of legitimate firms are being infected through SQL injection attacks, in which database commands try to add hidden malicious links leading to harmful malware exploits. Most of the victimized websites and webpages belonged to mom-and-pop operations, but two of the pages belonged to Apple and were used for promoting iTunes podcasts.
Fortunately, these harmful malware links and exploits have been cleaned up, as Google indexed and traced those two iTunes pages.
ScanSafe senior researcher Mary Landesman has said that these malicious assaults have been continuous and change frequently, according to news published by Erictric on August 17, 2010.
Landesman further states that many of these compromised sites have been compromised repeatedly in the last few months. It is not yet clear whether the same attackers are responsible for these attacks or whether they are separate attacks.
According to the reports, at least 538 have become victims of the attack. However, other attacks (which feature similar "fingerprints" pointing to different websites) have been spotted.
SQL injection attacks succeed because web applications do not properly scan search queries and other user-supplied content. After the data is processed, commands are transmitted to a website's backend server. This results in the addition of links or the exposure of sensitive information.
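The failure described above, as an added example that is not code from the article or from any affected site: a search handler that pastes user text into its SQL, beside one that binds the text as a parameter. The table, rows, function names and input string are constructed for illustration and use Python's built-in sqlite3 module.

```python
import sqlite3

# Constructed search input: the quote closes the string literal early,
# so the backend parses the remainder as SQL instead of as search text.
CONSTRUCTED_INPUT = "x' OR 1=1 --"

def make_db():
    """In-memory database with constructed sample rows (not data from the article)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE podcasts (id INTEGER PRIMARY KEY, title TEXT, published INTEGER);
        INSERT INTO podcasts (title, published) VALUES
            ('Weekly tech roundup', 1),
            ('Cooking basics', 1),
            ('Draft episode', 0);
    """)
    return db

def search_vulnerable(db, term):
    # Weak form: user text is concatenated into the statement, so the
    # database cannot tell the search term apart from the query itself.
    sql = ("SELECT title FROM podcasts "
           "WHERE published = 1 AND title LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, term):
    # Hardened form: the statement text is fixed and `term` is sent as a
    # bound value, so it is only ever compared as data. LIKE wildcards in
    # the term are escaped so they match literally.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT title FROM podcasts "
           "WHERE published = 1 AND title LIKE ? ESCAPE '\\'")
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]

if __name__ == "__main__":
    db = make_db()
    # The concatenated query returns every row, including the unpublished one.
    print("vulnerable:   ", search_vulnerable(db, CONSTRUCTED_INPUT))
    # The bound query treats the same input as a title to look for.
    print("parameterized:", search_parameterized(db, CONSTRUCTED_INPUT))
    print("normal search:", search_parameterized(db, "tech"))
```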
Meanwhile, security experts have commented that the attack is the latest among the hack attacks to hit a large number of websites and webpages. In June 2010, a mass compromise adversely hit configured websites. More than 1000 pages across a wide range of domains were compromised in the attack. The attack affects those who visit the links, connecting them to a server that tries to install malware on their PCs.
» SPAMfighter News - 23-08-2010