500 Thousand MS Web Servers Hacked
andrewd18 writes "According to F-Secure, over 500,000 webservers across the world, including some from the United Nations and UK government, have been victims of a SQL injection. The attack uses an SQL injection to reroute clients to a malicious javascript at nmidahena.com, aspder.com or nihaorr1.com, which use another set of exploits to install a Trojan on the client's computer. As per usual, Firefox users with NoScript should be safe from the client exploit, but server admins should be alert for the server-side injection. Brian Krebs has a decent writeup on his Washington Post Security Blog, Dynamoo has a list of some of the high-profile sites that have been hacked, and for fun you can watch some of the IIS admins run around in circles at one of the many IIS forums on the 'net."
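For admins checking their own data for the server-side injection described in the summary, here is an added example (not part of the original story or its comments): it scans text values for `<script>` tags whose `src` points at one of the three domains named above. The sample rows, table names and script paths are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in the story summary above.
BAD_DOMAINS = {"nmidahena.com", "aspder.com", "nihaorr1.com"}

class _ScriptSrc(HTMLParser):
    """Collects the src attribute of every <script> tag in a fragment."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # tag and attribute names arrive lowercased
            self.sources += [v for k, v in attrs if k == "src" and v]

def flagged_hosts(text):
    """Return the listed domains referenced by <script src=...> in text."""
    parser = _ScriptSrc()
    parser.feed(text)
    parser.close()
    hits = set()
    for src in parser.sources:
        src = src.strip()
        try:
            # urlsplit needs "//" to see a host; add it for "host/path" values.
            host = urlsplit(src if "//" in src else "//" + src).hostname
        except ValueError:
            continue
        host = (host or "").rstrip(".")
        # Exact match or subdomain match only, so "notaspder.com" is ignored.
        hits |= {d for d in BAD_DOMAINS if host == d or host.endswith("." + d)}
    return hits

def scan_rows(rows):
    """rows: iterable of (table, key, text). Returns the rows needing cleanup."""
    report = []
    for table, key, text in rows:
        hosts = flagged_hosts(text or "")
        if hosts:
            report.append((table, key, sorted(hosts)))
    return report

# Constructed sample data standing in for text columns read from a database.
SAMPLE_ROWS = [
    ("products", 1, "Widget<script src=http://www.nihaorr1.com/1.js></script>"),
    ("products", 2, "Gadget <b>new</b>"),
    ("news", 7, 'Hi<SCRIPT SRC="//ASPDER.COM/b.js"></SCRIPT>'),
    ("news", 8, '<script src="/js/app.js"></script> nihaorr1.com advisory'),
]
print(scan_rows(SAMPLE_ROWS))
```

A hit means the stored value has already been modified; removing the tag does not close the injection point that allowed it.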
ob... (Score:4, Funny)
LOL (Score:3, Funny)
Lolicious.
I once spent an hour trying to explain to an IIS/MS SQL Server admin what PHP/MySQL addslashes()/mysql_escape_string() do - all to no avail. He was absolutely sure it is sufficient to surround any string with single quotes, like in VB, and it all will be fine.
Now seeing that it's real fun for guys, I can only laugh.
Re:Seems to be affecting older versions of IIS... (Score:4, Funny)
Re:The Trojan is hosted in China (Score:5, Funny)
And I'm sure you meant Turkey (http://en.wikipedia.org/wiki/Troy).
Re:epic lol (Score:3, Funny)
Re:Bias? (Score:1, Funny)
Impressive fighter plane they have there (Score:3, Funny)
Is that the fighter plane with warp drive and photon torpedoes?
Sorry to pick on ya dude... it was a US spy plane, not a spy satellite
Re:epic lol (Score:2, Funny)
Re:Bias? (Score:5, Funny)
Since we don't see the LAMP version spreading I think we can safely conclude that no web application written in PHP with a MySQL back-end is currently vulnerable to any type of SQL injection.
Re:This site makes me sick (Score:3, Funny)
Re:ob... (Score:5, Funny)
Re:ob... (Score:5, Funny)
Re:More data needed (Score:3, Funny)
Microsoft's technical team was taken by surprise, giving them fresh hope that they, too, can develop software which runs on Microsoft IIS server and Microsoft SQL Server.