Vendor warns of 'Chinese' website attacks

Vendor warns of 'Chinese' website attacks

Summary: Security vendor ScanSafe has warned IT professionals of a fresh wave of SQL injection attacks

TOPICS: Security

Security vendor ScanSafe has warned of a wave of SQL injection attacks that has affected over 7,000 web pages.

The attackers appear to be avoiding compromising Chinese government websites, while the attack code contains the text string "Silent love China", wrote ScanSafe researcher Mary Landesman in a blog post.

The attack, which began on Saturday, focused on systems running Microsoft SQL Server and ASP, and quickly infected thousands of web pages, according to the researcher. "The Yahoo search engine revealed 7,020 compromised pages over the course of the weekend," said Landesman.

Compromised sites include IPO listings on, a Hong Kong stock brokerage,, and, which should not be confused with, a site for Microsoft developers.

Successful exploitation of a victim's computer leads to the installation of a password-stealing Trojan and a rootkit.

When a user visits a compromised page, their browser is redirected via SQL injection to another page, which in turn loads a second iframe. That iframe loads a script that assesses the victim computer for various vulnerabilities, including a memory corruption flaw in RealPlayer, reported in CVE-2008-1309.

Depending on whether the victim's computer is susceptible, it will be redirected to load content from one of several exploit pages. Successful exploitation results in the installation of the password-stealing Trojan. This password-stealer hooks into the Windows shell using the Control_RunDLL function.

IT professionals can use web-scanning and filtering technologies to gauge compromised sites, Landesman recommended.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion