Security researchers from Internet Storm Center (ISC) have pointed out a mass SQL injection attack. The attack was named lilupophilupop because it redirected users to a domain with that name. At that present time (December 2011) there were only 80 or so infected webpages, so no one gave the incident much thought. Now the number of victims has increased to 1 million pages.
Blocking access to the lilupophilupop site will prevent infection of clients should they hit an infected site and be redirected. The attack has been ongoing since and the victim sites can be seen all over the world.The figures show that 56,000 pages from the UK, 123,000 from the Netherlands, close to 50,000 from Germany and 30,000 .com webpages bare the infection. Russian, Japanese, Danish, Canadian and .org domains are also affected.
“Typically it is inserted into several tables. From the information gathered so far it looks targeted at ASP, IIS and MSSQL backends, but that is just speculation. If you find that you have been infected please let us know and if you can share packets, logs please upload them on the contact form.” , said Mr Mark Hofman of ISC. Massive SQL injection attacks are considered the best way to spread malicious campaigns by cyber criminal. The infection spreads rapidly like a plague and all the insecure websites it encounters are easily compromised to serve a malicious scheme. Regular visitors of affected sites gets into the trap of cyber crooks. For example they are tempted to install fake Anti-virus and fell easily into the trap. Awareness and developer cautions must be taken to avoid such happenings. Want to test the security effectiveness of your web application? Contact us today for Web Application Penetration Testing Service.
