Thousands of Web Sites Hit With New Twist on Old SQL Injection Hack

Thousands of Web Sites Hit With New Twist on Old SQL Injection Hack
http://newenterprise.allthingsd.com/...mod=googlenews

A relatively simple hack has been used to compromise at least 500,000 Web sites, and perhaps as many as 1.5 million, in such a way that visitors are tricked into downloading fake PC security software.

Dubbed Lizamoon, after the Web site where some users are in some cases redirected, the attack was first documented by the security research firm Websense The hack seeks to trick Web users into believing that their computer has been compromised by viruses and prompts them to download fake security software that itself causes further problems. Among the sites serving up the links to the fake software sites are some belonging to Apple and used on its iTunes store, though Apple is said to have cleaned up the affected code on its site.

Websense says that so far it appears that sites using Microsoft SQL Server 2003 and 2005 are at risk, though as yet SQL Server 2008 doesn’t appear to be affected. No word yet from Microsoft about any of this, though I’ve asked them for a comment.

SQL injection attacks take place when malicious code–essentially commands to a Web server to do things it’s not supposed to do — are inserted into routine queries of a Web site’s data base. A basic way to carry out these attacks is to add extra commands into the URL bar of a the browser when visiting a vulnerable Web site. It’s not entirely clear exactly how this series of attacks has been carried out.

There has been many of these type of attacks, I was hit with a similar one last year. Coincidentally, I was using Apple's Safari browser when this happened.

At the time, I was using MSE as my AV, and it didn't catch whatever it was. I spent 10+ hours trying to clean it, I had to boot into the OS beside of 7 (XP) to clean it, as all attempts to try to run any kind of security scan failed, I couldn't even get to a online scanner to clean it.

After booting into XP, I first ran MBAM, it didn't take long, it went to cleaning. Same with MSE. I repeated the process from XP until all was clean (or so I thought), then went to bed.

The following morning, I booted into 7, the first thing I saw was that I needed to apply a security update, it looked real, so I checked "OK" to install. Damn, the whole process started all over again. This time, I trashed the OS, formatted it with a XP disc (it spends more time doing this), pulled it out after the formatting, and reinstalled 7. All was fine afterwards.

That was the nastiest infection that I ever ran into, and hope that I never do again. I've also learned not to click onto any such rouge "update" again.

Cat

This is why I keep a a full weekly backup, and I keep three weeks worth of backups.
I use Macrium Reflect for this. I also schedule a full daily backup using W7 and keep 2 weeks worth of these backups.