Sites hit in major cyber attack
London, April 2, 2011
Hundreds of thousands of websites appear to have been compromised by hi-tech criminals using a well-known attack vector that exploits security loopholes on other sites to insert a link to their website.
Those visiting the criminals' webpage were told that their machines were infected with many different viruses, said a report in our sister publication, the Gulf Daily News.
Swift action by security researchers has managed to get the sites offering the sham software shut down.
Security firm Websense has been tracking the attack since it started on 29 March. The initial count of compromised sites was 28,000 sites but this has grown to encompass many times this number as the attack has rolled on.
Websense dubbed it the Lizamoon attack because that was the name of the first domain to which victims were redirected. The fake software is called the Windows Stability Centre.
The redirections were carried out by what is known as an SQL injection attack. This succeeded because many servers keeping websites running do not filter the text being sent to them by web applications. By formating the text correctly it is possible to conceal instructions in it that are then injected into the databases these servers are running. In this case the injection meant a particular domain appeared as a redirection link on webpages served up to visitors.
Early reports suggested that the attackers were hitting sites using Microsoft SQL Server 2003 and 2005 and it is thought that weaknesses in associated web application software are proving vulnerable.
Ongoing analysis of the attack reveals that the attackers managed to inject code to display links to 21 separate domains. The exact numbers of sites hit by the attack is hard to judge but a Google search for the attackers' domains shows more than three million weblinks are displaying them.
Security experts said it was the most successful SQL injection attack ever seen. – TradeArabia News Service
More Miscellaneous Stories
- Latest kitchen technology at Sharjah event
- Number of HNWIs in Africa to double by 2023
- World boxing legend to visit Bahrain
- UAE road accidents decline by 23.5pc
- Top businesswomen in Bahrain honoured
- Death penalty sought for Bahrain terrorists
- Girl, 9, dies after fall from 8th floor in Abu Dhabi
- Lebanese café brand opens Dubai outlet
- Bahrain poultry firm told to step up safety
- Customer dies in Bahrain cafe brawl
- Bahraini boys hurt while planting bombs
- Philips, Ericsson launch LED street lighting
- DuBiotech to set up first Halal safety lab
- Jotun to supply coatings for Makkah Station
- Raytheon wins $655m Kuwait Patriot deal
- Alwaleed Foundation lights up 3 Saudi villages
- Poultry farms strike may trigger shortages in Bahrain
- Oman seals Victoria food security pact
- Saudi woman, 80, donates $133m to charity
- New Saudi clamp on energy drinks
- Outrage follows Bahrain killer bomb
- Improvised explosive device used in Bahrain attack
- 3 policemen killed in Bahrain blast
- Dammam-Al Ahsa train service starts
- Egypt wheat supplies enough to last until June
- Expat killed at Saudi workers' holding facility
- 80 global speakers for Doha summit on family
- Restaurant runs up $47,555 phone bill in 4 days
- NZ minister to visit Gulf states
- Public-private tie-ups ‘vital for agri growth’