They are rich now, hopefully they will be (in)famous soon

Subject: General Tech | April 21, 2008 - 11:48 AM |

The actual code used to exploit a certain SQL vulnerabilities used by an automated search tool that looks for websites with those vulnerabilities has been spotted at SANS.  The code sets up javascript files with exploits which then infect anyone who browses by.  There is even a call to a script called pay.asp, so this automated tool probably makes a lot of money for someone.  Follow the link at [H]ard|OCP for the full story and links to the patches your webserver should already have.

"The SANS Institute say they have uncovered what they are calling a "rare gem" as far as computer security

investigations go that actually sheds a little light on how up to 20,000 web sites have been hacked since the beginning

of the year.

They found a sneaky software tool that uses Google's search engine to hunt for Web sites running certain kinds of

vulnerable applications, wrote Bojan Zdrnja, on the institute's blog. "While we had a general idea about what they do

during these attacks, and we knew that they were automated, we did not know exactly how the attacks worked, or what

tools the attackers used," Zdrnja wrote."

Here is some more Tech News from around the web:

Tech Talk

Source: [H]ard|OCP

No comments posted yet.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.