Vendor warns of 'Chinese' website attacks

Summary:Security vendor ScanSafe has warned IT professionals of a fresh wave of SQL injection attacks

Security vendor ScanSafe has warned of a wave of SQL injection attacks that has affected over 7,000 web pages.

The attackers appear to be avoiding compromising Chinese government websites, while the attack code contains the text string "Silent love China", wrote ScanSafe researcher Mary Landesman in a blog post.

The attack, which began on Saturday, focused on systems running Microsoft SQL Server and ASP, and quickly infected thousands of web pages, according to the researcher. "The Yahoo search engine revealed 7,020 compromised pages over the course of the weekend," said Landesman.

Compromised sites include IPO listings on kgieworld.com, a Hong Kong stock brokerage, worldoil.com, and redmondmag.com, which should not be confused with redmondmagazine.com, a site for Microsoft developers.

Successful exploitation of a victim's computer leads to the installation of a password-stealing Trojan and a rootkit.

When a user visits a compromised page, their browser is redirected via SQL injection to another page, which in turn loads a second iframe. That iframe loads a script that assesses the victim computer for various vulnerabilities, including a memory corruption flaw in RealPlayer, reported in CVE-2008-1309.

Depending on whether the victim's computer is susceptible, it will be redirected to load content from one of several exploit pages. Successful exploitation results in the installation of the password-stealing Trojan. This password-stealer hooks into the Windows shell using the Control_RunDLL function.

IT professionals can use web-scanning and filtering technologies to gauge compromised sites, Landesman recommended.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.