Over 1.5 million pages affected by the recent SQL injection attacks


In an attempt to mitigate the impact of the recent waves of SQL injection attacks, and to provide more transparency into the approximate number of affected pages, the Shadowserver Foundation is starting to maintain a list of all the malicious domains used in the continuing efforts by copycats to inject as many legitimate sites as possible. The list currently counts over fifty malicious domains along with the number of pages affected by each; the total is just over 1.5 million.

Needless to say, stay away from these domains if you don't know what you're doing. Shadowserver's announcement:

"Below is a list of domains used in the mass SQL injections that insert malicious javascript into websites. We've also included an approximate number of pages infected (according to Google). Note that these numbers decay with time. Some of these domains were injected long ago and have been cleaned. At their height, their numbers may have been larger."

Even though some of the malicious domains are down, or in the process of being shut down, as long as the long tail of SQL injection attacks remains possible due to vulnerable sites in the far corners of the Web, the bad guys will simply keep introducing new domains, or focus on extending their life cycle by fast-fluxing them, as we've already seen happen.

Topics: Malware, Security, Software

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

14 comments
  • So...

    Was this the programmers' fault? That's the tale that was trotted out with the previous 0.5 million SQL-injected sites story.
    zkiwi
    • Yes.

      SQL Injection is pretty much always a result of poor practice on the part of the application developer.
      TheTruthisOutThere1
      • If that's so, then...

        There are an awfully large number of developers that suck then. Perhaps they should be sued. Isn't that the American way or whatever.
        zkiwi
        • No.

          I could sue you just for saying that!
          Etch44
        • Bad Programmers

          As in all professions you have a lot of good workers and even more mediocre and bad workers. It's the mediocre programmers that are the most dangerous because they get stuff done, just with terrible quality. Management sees making deadlines more important than quality in the organizations that mediocre developers thrive within, and thus the quickest way of doing stuff (throw together a SQL query through string concatenation and then send it to the database as a raw command) is what happens. Doing correct database development requires more regimen than most "get it done on time, or else" managers are willing to tolerate until their site gets hacked.

          Payton Byrd
          http://blogs.ittoolbox.com/visualbasic/dotnet
          payton2
          • amen !!

            For more bad management.. Please check the credit crunch !!
            holmes.steven
          • If something is systemic, ...

            you don't start at the bottom. I work at a company where the 'enterprise' database doesn't have a password. We cannot even add a password because of old applications that we can no longer compile. All of IT objects, management up to the CEO is aware, and we are able to live with the issues by running a script to remove the damage from SQL injections and setting up check constraints to prevent long strings from containing strings like '<script'. Completely Mickey Mouse stuff, but the decision is not in the hands of IT. So don't blame the programmer. My new projects use PostgreSQL and passwords that are quite complex, I am tired of using commonly attacked tools. But until the old tools die, probably a decade, we have to live with a completely insecure SQL Server database and a decade worth of crap code that accesses it.
            shis-ka-bob
  • RE: Over 1.5 million pages affected by the recent SQL injection attacks

    I would imagine most of those 'developers' that you are referring to couldn't program their way out of a paper bag. The sad reality is that the direction of developer tools, making things easier for an average joe to make their mark on the web, also means that there is a large number of websites that are improperly programmed. It's not that these people are stupid, it's just that they never have had proper instruction on how to implement safe input handling and fault control. If only people had to prove that they knew what they were doing before setting up a website then I think there would be much less of this happening.
    robcurr
    • That and...

      the number of really hocking(1) tutorials and books done by people who don't always know what they're doing themselves. It's bad enough when people know that they don't really know what they're doing, but when they think they do know what they're doing because they've read some half-baked gubbins then they start doing real damage because they might have the confidence to start putting their work in the real-world.

      As the saying goes, a little knowledge is a dangerous thing.

      (1)I know I'm abusing this word, but I don't really care.
      odubtaig
  • RE: Over 1.5 million pages affected by the recent SQL injection attacks

    My online magazine was hit with an injection and it's been a pain in the tail to work out the kinks it caused in my system... it's been going on since Thursday last week.
    princeproctor
  • Popular targets?

    It was around the year 1999 I first saw the SQL injection trick done against a Java application with an Oracle back end, the basic exploit is generic.

    Of late I am hearing that the attacks are targeting IIS/SQL Server systems. This seems plausible to the extent that such systems are common and tend to be poorly secured (if at all) by rank amateur mouse actuator types, but is there a particular vulnerability with this platform?
    schmandel
  • RE: Over 1.5 million pages affected by the recent SQL injection attacks

    I know of a site that was affected that is purely informational for a group of people with a common interest. And the data is very useful. And the site development is purely a volunteer effort. It's not all about business... little people get smacked, too.
    upnorthcurls
  • RE: Over 1.5 million pages affected by the recent SQL injection attacks

    I think it is our mistake, why don't we develop such a website with SQL Injection and Cross site scripting defense? The time needed to apply this will not take too much time while fixing the affected website will take.
    SQL Injection is really a very big problem, the affected website will not be fixed easily regardless of the time and money!
    samialsayyed
  • RE: Over 1.5 million pages affected by the recent SQL injection attacks

    If this helps at all, follow this link to a page I posted with some programming help against those SQL Injection attacks!

    SQL Injection Programming help: http://www.cheergallery.com/SQLInjectionHelp.html

    thanks,

    Amir Segal
    Programmer
    amirsegal