SQL Injection Attack with Drive-By Infections

A big SQL injection attack against hundreds of thousands of web sites. Many government and commercial sites have been infected with code that will try to install a password stealing program just by visiting a web page.

It’s not clear if anti-virus programs will catch this one yet.

You can see the extent by doing a web search for “nihaorr1”. DO NOT VISIT ANY OF THOSE LINKS! Google search may be filtering the bad sites; they returned only about 48K. Yahoo search returned over 251K entries. Some are discussions about this vuln, but many are sites that have been infected with the malicious javascript.

This one is widespread. Internet Storm Center has info here: http://isc.sans.org/diary.html?storyid=4331 . “They have hit city websites, commercial sites and even government websites. This type of injection pretty much null and voids the concept of “trusted website”. or “safe sites”‘

Corporate types should be watching for traffic to that site. I found a few users at the office that may have been affected (and possibly infected).

Be careful out there!

Leave a Reply

Name and email are required. Your email address will not be published.