- How to make new stuff from your piles of obsolete tech
- Why your computer sucks
- 10 recession-proof IT skills
- Juniper execs share network vision
- 9-year-old plots his fifth Microsoft certification
More than 40,000 Web sites were compromised over the weekend via SQL-injection attacks with malware that attempts to push visitors to a site dishing out malicious software, according to a security firm.
Websense has dubbed the attack surge "Beladen" (which is German for "loaded") after the domain name "Beladen.net." That domain name, registered in the Ukraine, is involved in the attack process to push unsuspecting victims to typo-squatting site "googleanalytlcs.net" that attempts to push malware such as keyloggers onto the victim's machine. If that's not successful, it will try to scare them into buying fake antivirus software.
"The attack is very advanced," says Stephan Chenette, manager of security research at Websense Labs, which is still investigating some aspects of the attack, such as how it is working on specific content-management systems.
Chenette speculates there's a tie to the Russian Business Network because of the style of the attack. The attackers have managed to infect a wide variety of Web sites in the United States, Europe and Asia.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (6)
sureBy huanhuan on June 3, 2009, 1:20 pmSQL-injection attacks?
Reply | Read entire comment
Great title EllenBy Anonymous on June 3, 2009, 5:02 pmToo bad the content is so poor. What is the nature of the attacks - what can be done to prevent them - what systems are vulnerable - what is a SQL-Injection attack...
Reply | Read entire comment
and the cure is?By Anonymous on June 3, 2009, 5:33 pmwhat caused it? anymore details? how can it be prevented?
Reply | Read entire comment
ExplanationBy Anonymous on June 3, 2009, 5:43 pmSQL injection attacks are the process of causing a system to execute database commands by feeding the commands via unfiltered and unvalidated input fields or sources. SQL...
Reply | Read entire comment
Preventing Net BreachesBy Anonymous on June 3, 2009, 9:28 pmPlease read some "GOOD NEWS"FOR A CHANGE>>>>>>>> The White House & NSD has been briefed. One of our clients for the past 32 months is the Canadian Govt. Dept...
Reply | Read entire comment
SQL InjectionBy Anonymous on June 4, 2009, 3:02 pmSQL Injection is the process of sending database commands as input. For example, I could start typing database commands into this box and have them run when the...
Reply | Read entire comment
View all comments