Mass SQL injection attack compromises 70,000 websites

Updated Wed., Jan. 9, 2008, at 4:37 p.m. EST

An automated SQL injection attack, which at one point compromised more than 70,000 websites, hijacked visitors' PCs with a variety of exploits last week, according to researchers.

The hacked sites, which could be found easily via a Google search, spanned a wide variety of pages, Roger Thompson, chief research officer at Grisoft, noted Saturday in a blog post.

"This was a pretty good mass hack," he said. "It wasn't just that they got into a server farm, as the victims were quite diverse, with presumably the only common point being whatever vulnerability they all shared."

The attack affected websites in both the .edu and .gov domains, according to researchers at the SANS Institute's Internet Storm Center (ISC). Several pages of CA's website were infected as well.

"These are almost all trusted sites," Alan Paller, SANS research director, told SCMagazineUS.com.

The cyberattackers used a SQL injection attack on Microsoft's SQL Server database product to compromise the array of sites. "[It was] an application that accessed system tables not commonly accessed," said Phil Neray, vice president of marketing at Guardium.

"[The affected tables] told the hacking application where to insert the malicious code in the database," he said. "Once visitors connect to that database, they get infected with a variety of malware, including the RealPlayer bug discovered in October of last year."

Thompson noted that the 15-month-old vulnerability in Microsoft Data Access Components (MDAC), patched in April 2006, was one flaw exploited in the attack.

“[The hackers] went to the trouble of preparing a good website exploit, and a good mass hack, but then used a moldy old client exploit,” he said, adding that most of the infected sites were quickly sanitized.

Paller said end-users don't have a way to defend themselves against such attacks.

"In this case, [the attackers] are using SQL injection, which is hard for the user to do anything about," he said.

A Microsoft spokesperson said that the Redmond, Wash.-based computing giant is aware of public claims of exploitation, but unaware of customer impact.