Lilupophilupop SQL-insertion Assault Compromises more than 1m Websites

The SANS ISC (Internet Storm Center), during the final weekend of 2011, estimated that the allegedly known lilupophilupop.com malicious software alternatively the SQL-insertion assault by lilupophilupop.com lately struck a total 1,070,000 URLs. The number is greater than the 80 web-pages the Center counted during early-December 2011, says Mark Hoffman, handler at SANS ISC. Darkreading.com published this on January 5, 2012.

Indeed, it seems that the attackers hijack websites through SQL-insertion using the ">" string that targeted websites all over the world when the majority of contaminations (123,000) occurred within the "NL" domain of The Netherlands along with a few .org and .com websites too.

Moreover, the assault initially appeared wholly automated, while proliferating fast; however, according to Hoffman, currently it appears as partly automated and partly hand done. The hand done part as well as the total number of websites contaminated indicates that the attack's preparation took a long time alternatively a good number of workers were behind its execution, he analyzes. Help Net Security published this on January 5, 2012.

Giving further information about the SQL-insertion assault, Senior Security Researcher Mary Landesmann of ScanSafe, a unit of Cisco stated that the over 1m web-address count possibly was exaggerated. For, that count might even contain the web-pages which talked abut the attack. Consequently, there was forever an enormous increase in URLs infected, following the occurrence of the first instance public report. That implied that counting any search engine results wasn't an appropriate way of evaluating a compromise's size, Landesmann explained. Darkreading.com reported this.

Interestingly, for some cyber-criminals, a huge instance of SQL-insertion assaults is the best method for disseminating malware scams wherein the effort put is the minimum. Clearly, the contamination proliferates as fast as plague while it easily hijacks all the unprotected sites for fulfilling a malevolent campaign.

These hijacked websites have a problem i.e. they're often those getting a large number of visitors. Therefore, if these visitors are provided fake AV programs they may feel lured towards installing them, thereby letting online crooks to reap enormous cash from less-savvy Web surfers who actually become convinced that their computers have an infection.

» SPAMfighter News - 1/13/2012