Author Topic: Sites hit in massive web attack  (Read 1068 times)
CGY Guy
« on: April 01, 2011, 06:51:06 PM »

http://www.bbc.co.uk/news/technology-12933053

Hundreds of thousands of websites appear to have been compromised by a massive cyber attack.

The hi-tech criminals used a well-known attack vector that exploits security loopholes on other sites to insert a link to their website.

Those visiting the criminals' webpage were told that their machines were infected with many different viruses.

Swift action by security researchers has managed to get the sites offering the sham software shut down.

Code control

Security firm Websense has been tracking the attack since it started on 29 March. The initial count of compromised sites was 28,000 sites but this has grown to encompass many times this number as the attack has rolled on.

Websense dubbed it the Lizamoon attack because that was the name of the first domain to which victims were re-directed. The fake software is called the Windows Stability Center.

The re-directions were carried out by what is known as an SQL injection attack. This succeeded because many servers keeping websites running do not filter the text being sent to them by web applications.

By formatting the text correctly it is possible to conceal instructions in it that are then injected into the databases these servers are running. In this case the injection meant a particular domain appeared as a re-direction link on webpages served up to visitors.

Early reports suggested that the attackers were hitting sites using Microsoft SQL Server 2003 and 2005 and it is thought that weaknesses in associated web application software are proving vulnerable.

Ongoing analysis of the attack reveals that the attackers managed to inject code to display links to 21 separate domains. The exact number of sites hit by the attack is hard to judge but a Google search for the attackers' domains shows more than three million weblinks are displaying them.

Security experts say it is the most successful SQL injection attack ever seen.

Generally, the sites being hit are small businesses, community groups, sports teams and many other mid-tier organisations.

Currently the re-directs are not working because the sites peddling the bogus software have been shut down.

Also hit were some web links connected with Apple's iTunes service. However, wrote Websense security researcher Patrick Runald on the firm's blog, this did not mean people were being redirected to the bogus software sites.

"The good thing is that iTunes encodes the script tags, which means that the script doesn't execute on the user's computer," he wrote.

----------------------------------------------------------------------------------------------------------

Be careful out there!

More info on Lizamoon: https://www.google.com/news/more?pz=1&cf=all&ncl=d-9m0TNmnn2MJ0MfYpKb3GQmwDd9M&topic=t
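
The defences the quoted article touches on (keeping request text out of the SQL statement, and encoding stored text on output, as in the iTunes remark), together with a check of stored text for script tags, shown as an added example that is not part of the original post or the BBC article. It uses Python's sqlite3 as a stand-in for the SQL Server back ends mentioned; the schema, function names and the injected.example host are hypothetical.

```python
import html
import re
import sqlite3

# Constructed sample value: a product title with a script tag appended, the
# kind of content the article says ended up in site databases.
# "injected.example" is a placeholder host, not a domain from the attack.
TAINTED = 'Blue widget</title><script src="http://injected.example/x.js"></script>'

# Matches an opening script tag and captures its src value.
SCRIPT_TAG = re.compile(r"<\s*script\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)


def build_db():
    """In-memory stand-in for a site's content database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT)")
    # Bound parameters keep request text as data, never as SQL.
    db.executemany("INSERT INTO products (title) VALUES (?)",
                   [("Red widget",), (TAINTED,), ("Green widget",)])
    return db


def find_by_title(db, title):
    """Parameterized lookup: quotes or keywords in `title` cannot alter the statement."""
    return db.execute("SELECT id FROM products WHERE title = ?", (title,)).fetchall()


def audit_script_tags(db):
    """Return (row id, script URL) for stored text that carries a script tag."""
    hits = []
    for row_id, title in db.execute("SELECT id, title FROM products"):
        for match in SCRIPT_TAG.finditer(title):
            hits.append((row_id, match.group(1)))
    return hits


def render(title):
    """Encode on output, so a stored tag is displayed as text instead of running."""
    return "<li>" + html.escape(title) + "</li>"


if __name__ == "__main__":
    db = build_db()
    print(find_by_title(db, "x' OR '1'='1"))  # input stayed a literal string
    print(audit_script_tags(db))              # rows that need cleaning
    print(render(TAINTED))                    # tag arrives in the page encoded
```

The audit only reports where script tags sit in stored text; cleaning those rows and fixing the query that let them in are separate steps.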