PC World - The Internet Storm Center, which tracks online threats, warned Wednesday that a worm is infecting vulnerable Web sites with a database attack. Though relatively small by Web attack standards with about 4,000 reported infected sites, the assault adds invisible code to a site that can force visitors to download malware onto their PC. Bad PR, to say the least.
IMPORTANT: DO NOT visit the domain named in the following test, or any sites that show up on a Web search as having this domain listed in their pages' code (including cached pages). Doing so could infect your PC with malware.
To see if your site has been hit, run the following Google search: "site:your company domain (ex. pcworld.com) winzipices.cn." -- or search for that domain within your Web site's HTML code. If you find anything, let your IT know immediately. When I ran a search just now I saw sites for everything from insurance companies to cemeteries to universities that all appear to have been infected.
The worm uses a SQL injection attack, according to the ISC, but it doesn't yet know just what vulnerability is targeted. The attack highlights the importance of keeping your site secure, something I wrote about last month. It's likewise critical to keep your own PC software up-to-date, as the ISC says visitors to infected sites can be hit via a known flaw in old Real Player software.
For more details, see the ISC post or a more detailed writeup from shadowserver.org.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
