Sales & Marketing
Training & Development
PCs & Servers
Imaging & Printing
SQL attack hits 500,000 websites
Apr 26, 2008 3:56 PM
Security researchers have uncovered a new SQL attack which has compromised more than half a million web pages.
"They have hit city websites, commercial sites and even government websites, " wrote Sans researcher Donald Smith.
"This type of injection pretty much voids the concept of 'trusted' or 'safe' websites."
Security firm F-Secure said that at least 510,000 pages have fallen victim to the attack.
The compromised sites have been embedded with code that redirects the user to a third-party site at which eight different exploits attempt to install a password-stealing Trojan.
F-Secure and Sans Institute urged administrators to block access to the domains hosting the malware exploit.
Sans Internet Storm Center
recommended blocking access to hxxp:/www.nihaorr1.com and the IP it resolves to 219DOT153DOT46DOT28 at the edge or border of the network.
F-Secure also recommended that administrators of hosting servers check their logs for possible attacks.
The outbreak is the latest in a rash of large-scale attacks this year. In March, a pair of attacks, one infecting 10,000 pages and another compromising 200,000 pages, were uncovered by researchers.
Follow us on
From AFL to channel: Microsoft 'silver bullet' unveiled
Office for iPad: 12m downloads but poor reviews
British IT firm upgrades 30,000 PCs in 30 days
Google's Cloud SQL now available with SLA
B2Cloud helps Garvan Institute crowdsource compute power
Telstra releases 4G on wholesale
NBN resellers get hands on satellite
JB Hi-Fi rescues Oppo channel
Malware in nuclear plant prompts shutdown
Send us your tips
You must be a registered member of CRN to post a comment.
Click here to login
Click here to register
AFL star joins Melbourne's Broadband Solutions
Shaun Grigg starts second job at peak of footy career.
Amazon Web Services killing it: revenue up 64%
Cloud vendor also triples operating income.
WestConnex signs national reseller Viatek
Five-year deal with Sydney Motorway Corporation.
Sign up to receive CRN email bulletins
How to choose the right Australian data centre
Here are the top 50 technology startups in Australia
AWS launches 80TB 'cloud suitcase' in Australia
How to steal $100 million with a fake email
Symantec CEO steps down
Powered by Disqus
What's the most important factor when partnering with a new vendor?
Account managers in Australia
view previous polls »
Powered by Disqus
CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.
What's in this issue?
Most popular tech stories
7 accounting packages for Australian small businesses compared: including MYOB, QuickBooks Online, Reckon, Xero
Turn your website into an app for free
How do I make sure my email is properly synced between all my computers?
Do you know these 12 eBay tips?
How long will a UPS keep your computers on if the lights go out?
Photos: Carsales staff hack the way they work
Photos: A look inside an NBN exchange
Rio Tinto IT tool unearths millions in prized iron ore
Why ANZ separated its data platform and analytics teams
How Origin Energy is using data to save corporate clients millions
How to: How much RAM do you really need?
Top 25 fantasy games of all time
Review: Dell's XPS 15 is on the best Windows 10 laptops we've seen
Top 15 obscure video game consoles for collectors
The 25 best space games ever
3 reasons why Mafia III is the most daring series entry yet
A mob of Mafia III screenshots
Some starry shots of No Man's Sky
10 reasons to check out anti-space-sim No Man’s Sky
Star Wars original trilogy heroes and villains
PC & Tech Authority
nextmedia Pty Ltd
. All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's
Terms & Conditions
Login to CRN
Email or Username:
* Email or Username required
* Password required
Forgot your password?
Don't have an account? Register now!
To request a
, enter the email address linked to your CRN account and we'll send one to you.
* Email required
* Invalid Email address
* Invalid Email address
Click here to return to Login Form
comments powered by Disqus.