40,000-plus Web sites infected in 'Beladen' Web attacks

Russian Business Network suspected behind attack on users, Websense says

More than 40,000 Web sites were compromised over the weekend in SQL-injection attacks and infected with malware that attempts to push visitors to a site dishing out malicious software, according to a security firm.

Websense has dubbed the attack surge "Beladen" (German for "loaded") after the domain name "Beladen.net." That domain, registered in the Ukraine, is used in the attack to push unsuspecting victims to the typo-squatting site "googleanalytlcs.net," which attempts to push malware such as keyloggers onto the victim's machine. If that is not successful, it tries to scare the victim into buying fake antivirus software.

"The attack is very advanced," says Stephan Chenette, manager of security research at Websense Labs, which is still investigating some aspects of the attack, such as how it is working on specific content-management systems.

Chenette speculates there's a tie to the Russian Business Network because of the style of the attack. The attackers have managed to infect a wide variety of Web sites in the United States, Europe and Asia.
