- Bank Web sites full of security holes
- SCO Group: Its future is all used up
- Maligned feature being added to IPv6
- I returned my iPhone 3G after six days!
- VPNs: Six burning questions
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
A flood of SQL injection attacks on Microsoft Internet Information Servers are leaving Web pages with malicious iFrames in them, and Panda Security is urging network managers to make sure their Web pages haven't been infected.
Panda says the number of infected Web pages spiked to 282,000 in the past day, and appears to be growing. Network managers can check to see whether their Web pages are infected with the iFrame code by looking for a specific code string in the source code of the Web page associated to an iFrame tag. The string is <script src=http://www.nihaorr1.com/1.js>, according to the security vendor.
If detected, this string should be eliminated immediately, says Panda, which adds that new strains of malicious code as yet unrecognized may be resident also. Panda is urging Web-site managers to check to see whether their Web pages are being manipulated and is offering a free scan at its Infected or Not? site.
"It appears to have started yesterday with these SQL injection attacks," says Ryan Sherstobitoff, Panda's chief corporate evangelist. There's ongoing research into the problem, the source of which may trace back into Eastern Europe or Russia, he says.
Neither Panda nor any other security firm Sherstobitoff is aware of has identified the exact vulnerability in IIS that is the attack route for injection of the malicious iFrame, although suspicions center on a vulnerability described in an April 17 Microsoft Security Advisory (951306) for which there is not yet a defined patch or other fix.
Malicious iFrame attacks have seen widespread growth over the past several months. Attackers embed the iFrame code in Web pages to redirect victims to sites for purposes of fraud or other criminal conduct.
Rss FeedRss Feed
If the IT manager is knowledgeable regarding Cisco technology, he would have 2 options. Option 1 - Consult...- Anonymous
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comments (3)
The same result but from qiqigm.comBy Anonymous on May 29, 2008, 8:08 pmThis script is finding it's way into websites now. Suggest there are probably others as well.
Reply | Read entire comment
Not related to April issueBy Anonymous on April 25, 2008, 5:56 pmThe April issue is a local EoP, which requires the user to already be authenticated and running code on the machine. This particular problem is caused by SQL injection.
Reply | Read entire comment
The number of sites reached 509.000 !!!By xmachine on April 25, 2008, 4:16 amThe rage is still alive and the number of infected sites is increasing ... system admins should put their defenses to protect the netowrk. check here http://extremesecurity.blogspot.com/2008/04/un-site-took-injection.html
Reply | Read entire comment
View all comments