Hackers Attack Mass Websites Using SQL Injection

An attack with automatic SQL insertion has compromised thousands of websites and although the code has been removed from some, others are still infecting visitors with the malicious code that attempts to take over their computers by exploiting multiple flaws, according to security experts.

Chief Research Officer of Grisoft SRO, Roger Thompson, said that about 70,000 websites have been succumbed to the attack and hijacked. The attack resulted in a substantial mass hack, said Thompson. The hacked sites were not from any common source - rather, they were quite varied in nature. The common factor was possibly the vulnerability they shared, Thompson analyzed. ComputerWorld published this in news on January 7, 2008.

Another Security Company, Symantec Corp, also pointed that the SQL flaw is the common factor. By injecting the SQL, robots are hijacked to hack the websites. The attack runs the SQL loop repeatedly to find the normal data tables by examining the sysobjects data table and then adding the malicious script to every column in it.

The hack attack also infected websites of Fortune 500 corporations, agencies of the state government and various schools. The infection with the malicious code tries to conduct click fraud for theft of online game details from visitors to the intended sites.

The attack also caused infection to 94,000 or more URLs by the rapidly shifting exploit, which diverts visiting traffic to the uc8010-dot-com domain. Among the prominent bodies infected are Computer Associates, a security company, sites for Boston University, the state of Virginia and the city of Cleveland.

The hackers managed to break into the sites by taking advantage of unpatched servers where SQL injection flaws resided. The injections contained JavaScript that turned users towards the fraudulent site, which exploited a number of security holes to plant keylogging program that captured passwords for online games, according to CTO Johannes Ullrich for the SANS Internet Storm Center. Theregister published this on January 8, 2008.

Security researchers presume that a group of hackers continue to refer to the harmful domain and rather effectively. Users are therefore advised to update their browsers, media software, browser plug-ins and other software.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 1/17/2008