SophosLabs blog

While catching up on my blog reading yesterday I saw mention, in Silent Noise, of some new domains used in the SQL attacks. While investigating this, I found several other domains as well (Silent Noise has since been updated with some of them). Last night I updated Mal/Badsrc-C and Mal/Iframe-F to detect this new SQL attack.

The above image shows various sites hit in this last attack. The top level contains Mal/Badsrc-C detections and the middle level Mal/Iframe-F. The bottom node is to an IP in Lebanon that is current not responding.

The list of domains affected by this new attack is diverse

• Several sites with TLDs suggesting a South American Government.
• An educational establishment in another South American country.
• A social networking site for ex-service men in the UK.
• A utility comparison site in South Africa.
• A techno-gadgets site in India.
• An online programming community for .NET in India.
• A music site in the USA.

My colleague Fraser has explained how to avoid SQL attacks several times in the blog and as a podcast. SQL attacks are not dead and system administrators still need to be vigilant.

Posted on January 22nd, 2009 by Pob, SophosLabs, UK
Filed under: General

                                         

Windows 7 security - A great leap forward or business as usual?

Related posts

• Sony PlayStation - Revisited
• SQL Attacks delivering EXEs and SWFs
• SQL attacks: now using .MOBI domains and installing scareware
• Digging further into web attacks
• India’s embassy in Spain victim of a malicious attack