PC World - The Internet Storm Center, which tracks online threats, warned Wednesday that a worm is infecting vulnerable Web sites with a database attack. Though relatively small by Web attack standards with about 4,000 reported infected sites, the assault adds invisible code to a site that can force visitors to download malware onto their PC. Bad PR, to say the least.

IMPORTANT: DO NOT visit the domain named in the following test, or any sites that show up on a Web search as having this domain listed in their pages' code (including cached pages). Doing so could infect your PC with malware.

To see if your site has been hit, run the following Google search: "site:your company domain (ex. pcworld.com) winzipices.cn." -- or search for that domain within your Web site's HTML code. If you find anything, let your IT know immediately. When I ran a search just now I saw sites for everything from insurance companies to cemeteries to universities that all appear to have been infected.

The worm uses a SQL injection attack, according to the ISC, but it doesn't yet know just what vulnerability is targeted. The attack highlights the importance of keeping your site secure, something I wrote about last month. It's likewise critical to keep your own PC software up-to-date, as the ISC says visitors to infected sites can be hit via a known flaw in old Real Player software.

For more details, see the ISC post or a more detailed writeup from shadowserver.org.

Comment Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Reprinted with permission from

For more PC news, visit PCWorld.com.
Story copyright 2009 PC World Communications. All rights reserved.

Jump to comments

internet storm center

Additional Resources

Microsoft

DirectAccess and UAG: Better Together

Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.

Microsoft

Case Study: Energy Firm Tightens Protection, Simplifies IT Work

Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

What People Are Saying

2 comments | Add new

See all comments (2) | Add new

White Papers & Webcasts

The Tangled Web: Silent Threats & Invisible Enemies
Download Now

Hosted Security Services: Why it make budget and security sense in today's economy
Watch Now

Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.

Best Practices for Log Monitoring
Watch Now!

US Military Command Prevents Zero Day Attack with Application Whitelisting
Download this Whitepaper Today!

Data in Action: Making the Planet Smarter
Register Now

Employee Web Use and Misuse
Download this new White Paper today!

The Workday User Experience Video
Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday.

Get More from Your IT Budget
Download this new white paper today!

Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!

All White Papers | All Webcasts

Computerworld Reports

Computerworld Technology Briefing: More than Business Value

Computerworld Briefing: Staffing for Intelligence

8 Questions To Ask About Your Intrusion-Security Solution

All Computerworld Reports

IT Jobs

See All Jobs Post a job for $295

Jobs by SimplyHired

	Security
	Virus and Vulnerability Roundup
	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10
	Cloud Computing

resource center

Newsletter Sign-Up

Web attack worm on a rampage

Check yourself, but proceed with caution