Hi malware fighters,
Researchers finally found out how more than 100.000 websites could be hacked early this year.
It was already known that the owners of these sites had become victims of an automatic SQL injection.
How the attack had been performed and what kind of tools the attackers had used was not known
in detail until now. The attackers had used search engines to look for weak applications and through a SQL
statement a script was injected into every HTML page of the website.
This script linked through to a page with a Windows and Real Player exploit.
Yesterday researchers found a website that hosted a malicious JavaScript file with
various exploits. Among these exploits they also found the file with which the attackers hacked the site.
The tool, in Chinese, lets users choose code to be injected, and through the use of Google and a built-in bsalsa browser the tool runs the SQL injection and writes the malicious script.
The researchers have this advice for webmasters: “Check your apps and prevent leaks.”
For further details, see:
http://isc.sans.org/diary.html?storyid=4294
polonus