New SQL injection worm making the rounds - Security Bytes

IT Knowledge Exchange

Register

Forgot Password

Site FAQ

Advertisement

Home > IT Blogs > Security Bytes > New SQL injection worm making the rounds

» VIEW ALL POSTS May 7 2008 3:34PM GMT

New SQL injection worm making the rounds

Posted by: Dennis Fisher

Information Security Threats

The trend toward large-scale attacks against Web sites through the use of SQL injection is continuing, as experts at both the SANS Internet Storm Center and Shadowserver Foundation are tracking a newly discovered SQL injection worm that appears to be exploiting a RealPlayer flaw and dropping malware on vulnerable sites. The attacks are focusing on ASP pages and are using the familiar iFrame exploitation method that has been involved in a number of the recent mass SQL injection attacks. After a successful exploitation of a vulnerable PC, the infected Web site installs a binary on the user’s PC. The analysis of the attack done by the folks at Shadowserver shows that the binary is named “test.exe” and is just one link in a long chain of downloaders and malware.

“This binary that is download by this attack appears to be part of a kit we have seen in the Chinese malware family for some time now. The first thing this malware does once installed is download a configuration file. This configuration file has several commands and tells the system what to do next. In our instance it [tells it] to download yet another file and to report in to a URL,” the Shadowserver analysis says.

Fun for the whole family. Shadowserver also has a good list of some of the malicious sites and IP addresses that are serving the malware, for your filtering pleasure.

Comment

RSS Feed

Comment on this Post

You must be logged-in to post a comment. Log-in/Register

Cross Site Scripting » Blog Archive » New Sql Injection Worm Making the Rounds - Security Bytes | Feb 11 2009 7:57PM GMT

[...] The analysis of the attack done by the folks at Shadowserver shows that the binary is named “test.exe” and is just one link in a long chain of downloaders and malware. “This binary that is download by this attack appears to be part of a …Page 2 [...]

Visit Information Security Home | Information Security News | Information Security White Papers | Information Security Videos | Information Security Resources

Ask an IT Question

About the Blogger

Robert Westervelt

Twitter.com/rwestervelt Rob is a news reporter and editor for SearchSecurity.com. Since joining TechTarget in July 2003, Rob has covered SAP, Oracle and the database industry for SearchDatabase.com, SearchSAP.com and SearchOracle.com. Prior to joining TechTarget, Rob was a newspaper reporter for five years at The Day in New London, Conn., where he wrote a variety of crime, general news, government and business stories while covering towns in Southeastern Connecticut. A military veteran, Rob served four years with the U.S. Air Force, U.S. Forces Police in Kaiserslautern Germany. He holds a degree in journalism from the University of Connecticut. READ MORE

>> READ MORE ABOUT THE BLOGGERS

Browse This Blog's Tags

Adobe Flash, Antivirus, antivirus software, Application Security, banking Trojan, cloud security services, Compliance, Conficker, cybersecurity coordinator, Data Breaches and Identity Theft, Data Breaches and Identity Theft, data security, DHS, federal cybersecurity, Firefox security, Identity and access management, Information Security Careers, Information Security Threats, Laws, Investigations and Ethics, malicious URLs, Microsoft Security, Microsoft Security Essentials, Mozilla security, Network Security, P2P, patch management, patching, PCI compliance, Phishing, Platform Security, Privacy, Project Minerva, ransomeware, risk, Rogue Antivirus, Security, security budgets, security jobs, Security Management, security research, Security Vendor News, shortened URLs, social engineering, social networking flaws, tokenization, Twitter security, Uncategorized, web application flaws, webmail security, Zeus Trojan

Security Wire Daily News

brought to you by SearchSecurity.com

Top spammer gets four years in jail for stock fraud scheme
Alan Ralsky, the self-proclaimed "Godfather of Spam," was jailed for his role in a stock fraud spam scheme.

Health Net breach failure of security policy, technology
Investigators should question why an external hard drive contained seven years of data, but IT security should have had the appropriate security polic...READ MORE

Cost of security, IT management add up at healthcare facilities, study finds
Digitalizing healthcare records and new health systems fail to cut costs, according to new research from Harvard University. Security and other manage...READ MORE

Exploit code targets Internet Explorer zero-day display flaw
Exploit code is publically available targeting an Internet Explorer cascading style sheet (CSS) handling error, according to Symantec.

Increase in Gumblar backdoors poses FTP credential problems
Security Researcher explains how to detect the Trojan, but many victimized website owners don't have the technical expertise to fix the problem.

Blog Roll

Help

Subscribe to Alerts

RSS feed of Security Bytes

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.

All Rights Reserved, Copyright 1999-2009, TechTarget | Read our Privacy Policy | Site Map

Podcast Powered by podPress (v8.8)