Slashdot: News for Nerds


Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New SQL Injection Attack Fuses Malware and Phishin

PainMeds (1301879) writes | more than 5 years ago

Security 0

PainMeds (1301879) writes "According to a recent post in Secure Computing's research blog, a new SQL injection attack has infected thousands of MSSQL-based web servers over the weekend, effectively turning them into malware delivery systems. The attack apparently rewrites the server's web pages to include javascript which, in turn, pushes malware to the website visitor as if it were from the genuine website. From the blog, "Similar to phishing, this attack takes advantage of the website visitor's trust in the site they are visiting. Instead of phishing for information, however, malware is sent to the client, which the client has a higher likelihood of accepting being from a trusted site... These web pages are associated with web sites from around the world and supplying various content- including government sites, sales sites, real estate sites, and financial information sites among others." An example of the attack has been included in the post. Unlike most malware attacks, this attack appears to originate from the website the user is actually visiting."

cancel ×


Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account