Hackers jack thousands of sites, including U.N. domains
It's a repeat of earlier attacks that relies on an SQL injection, says Websense
"They're using the same techniques as last month, of an SQL injection of some sort," said Dan Hubbard, vice president of security research at Websense Inc., referring to large-scale attacks that have plagued the Internet since January.
Among the sites hacked were several affiliated with either the U.N. or U.K. government agencies, said Websense.
The exact number of sites that have been compromised is unknown, said Hubbard. He estimated that it's similar to the March attacks, which at their height infected more than 100,000 URLs, including prominent domains such as MSNBC.com.
"The attackers have now switched over to a new domain as their hub for hosting the malicious payload in this attack," Websense said in an alert posted yesterday to its Web site. "We have no doubt that the two attacks are related."
"Once loaded, the file attempts eight different exploits," noted the Websense warning, including one that hits a vulnerability in Internet Explorer's handling of Vector Markup Language (VML) that was patched in January 2007.
Maone also said "I told you so" in his blog post yesterday. In an August 2007 entry, he had said that rather than fixing the underlying security problems on the U.N. site, the agency had simply deployed a "pretty useless" firewall that masked the most obvious attack surface.
However, even the disinfected sites could fall victim again, Maone maintained. "The sad truth, though, is that even those 'clean' sites are still vulnerable, hence they could be reinfected at any time," he said.
"Web site owners have to start securing their code," Hubbard noted.
Read more about Security in Computerworld's Security Topic Center.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- IDG Research Survey: Are you Paying Too Much for Your NMS? Feel like you're paying too much for network monitoring? You're not alone. This survey brief summarizes findings from research recently fielded by IDG...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Live Webcast 5 Steps to Assuring Quality of Experience In order to align monitoring and management practices with the true demands of the business, IT professionals must expand beyond traditional comfort zones...
- Live Webcast Master the Changing SAP Landscape with Performance Management SAP landscapes are not getting simpler. Gradually, business processes that used to be contained on a single SAP system now involve a range...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Navigating the New Wireless Landscape Thriving in the new wireless landscape View Now>> All Networking White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!