New mass SQL injection attack infects 56,000 websites

By

Tens of thousands of websites have been compromised with a suite of malware containing backdoors, password stealers and downloaders, according to a security firm.

“It's a pretty potent concoction, from a malware perspective,” Mary Landesman, ScanSafe's senior security researcher, told SCMagazineUS.com.

So far, more than 56,000 sites have been compromised -- via SQL injection -- with a malicious IFRAME that loads exploits from several attacker-owned domains, Landesman said. The malware-hosting domains were registered between August 3 and 9.

The compromised sites can be identified through a Google search for a malicious IFRAME script tag. The infected sites vary in category, but a number of charitable, nursing and travel sites particularly have been targeted.

“In general, these are your mom-and-pop websites,” Landesman said. “They are not big-name sites, but they do extremely well in search engine results for niche markets."

For example, the websites of approximately 203 assisted-living facilities, all run by the same management company, were infected.

When a user visits one of the compromised sites, the IFRAME silently loads content from the malware-hosting sites, Landesman said. The attack runs through dozens of exploits to attempt to find one to which the user's machine is susceptible. Given the wide range of exploits being used, the chance of the attack being a success is fairly high, she added.

The malware ultimately is designed for data theft.

"[It] gives the attackers the ability to glean a great deal of information about the people who become infected,” Landesman said.

Infected websites have been the single biggest threat during the first half of the year, according to a report released in July by security firm Sophos. In addition, the top 100 “dirtiest” sites are hosting upward of 18,000 different pieces of malware on average.


See original article on scmagazineus.com

New mass SQL injection attack infects 56,000 websites
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?