We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Tens of thousands of websites hacked

More than 70,000 sites compromised

A mass automated SQL injection attack has compromised tens of thousands of websites. Although some of the infected websites have been cleaned, others continue to serve visitors a malicious script that tries to hijack their PCs using multiple exploits, security experts said over the weekend.

On Saturday, said Roger Thompson, the chief research officer at Grisoft SRO, the number of sites that had fallen victim to the attack numbered more than 70,000. He pointed out that the hacked sites could be found via a simple Google search for the domain that hosted the malicious JavaScript.

"This was a pretty good mass hack," said Thompson, in a post to his blog.

"It wasn't just that they got into a server farm, as the victims were quite diverse with, presumably, the only common point being whatever vulnerability they all shared."

Symantec cited reports by other researchers - including one identified only as "websmithrob" - that fingered a SQL vulnerability as the common thread.

For the latest PC security news, reviews, tips and tricks, visit Security Advisor.

"The sites [were] hacked by hacking robot by means of a SQL injection attack, which executes an iterative SQL loop [that] finds every normal table in the database by looking in the sysobjects table and then appends every text column with the harmful script," said websmithrob in a blog post.

"It's possible that only Microsoft SQL Server databases were hacked with this particular version of the robot since the script relies on the sysobjects table that this database contains."

According to websmithrob, the attack appends a JavaScript tag to every piece of text in the SQL database; the tag instructs any browser that reaches the site to execute the script hosted on the malicious server.

Hacked sites included both .edu and .gov domains, the SANS Institute's Internet Storm Center (ISC) reported in a warning posted last Friday. The ISC also reported that several pages of security vendor CA website had been infected.

See also:

CA website attacked by malware authors

Grisoft's Thompson said that his research had identified a 15-month-old vulnerability as one of those exploited by the attack code. The exploit, he said, targeted the Microsoft Data Access Components (MDAC) bug patched in April 2006 with the MS06-014 security update.

"They went to the trouble of preparing a good website exploit, and a good mass hack but then used a moldy old client exploit. It's almost a dichotomy," said Thompson.

NEXT PAGE: more recent flaws being exploited > >


IDG UK Sites

Best January sales 2015 UK tech deals LIVE: Best New Year bargains and savings on phones, tablets,...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

Best Photoshop Tutorials 2014: 10 inspiring step-by-step guides to creating amazing art,...

IDG UK Sites

Mac tips tricks & hacks: 10 things you didn't know your Mac could do