[Owasp-singapore] Mass SQL injection attacks still scaling up

Wong Onn Chee ocwong at usa.net
Thu Aug 27 22:14:09 EDT 2009


http://www.scmagazineus.com/Mass-SQL-injection-attacks-still-scaling-up/article/147490/

"The mass SQL injection
<http://www.scmagazineus.com/search/SQL+injection/> attacks that gained
attention
<http://www.scmagazineus.com/New-mass-SQL-injection-attack-infects-56000-websites/article/147178/>
earlier this week are continuing, with some 210,000 pages infected so far.

All of the attacks are coming from IP addresses based in China, "



"The attack works in two stages. The first is to *infect the target web
pages*, and then *when visitors browse to the infected pages, malware is
downloaded to their machines*."

Onn Chee: Again the malware is usually not hosted on the target web servers.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/owasp-singapore/attachments/20090828/83789a57/attachment.html 


More information about the Owasp-singapore mailing list