More than 40,000 Web sites were compromised over the weekend via SQL-injection attacks and infected with malware that attempts to push visitors to a site dishing out malicious software, according to a security firm.
Websense has dubbed the attack surge "Beladen" (which is German for "loaded") after the domain name "Beladen.net." That domain name, registered in Ukraine, is used in the attack process to push unsuspecting victims to the typo-squatting site "googleanalytlcs.net," which attempts to push malware such as keyloggers onto the victim's machine. If that's not successful, it will try to scare the victim into buying fake antivirus software.
"The attack is very advanced," says Stephan Chenette, manager of security research at Websense Labs, which is still investigating some aspects of the attack, such as how it is working on specific content-management systems.
Chenette speculates there's a tie to the Russian Business Network because of the style of the attack. The attackers have managed to infect a wide variety of Web sites in the United States, Europe and Asia.