SANS solves mystery of mass Web site infections

by Jeremy Kirk
Be the first to comment | I like it!
More »
on this topic
April 17, 2008, 01:21 PM —  IDG News Service — 

The SANS Institute has uncovered
what they've termed a "rare gem" as far as computer security investigations
go that sheds new light on how up to 20,000 Web sites have been hacked since
January.

They found a sneaky software tool that uses Google's search engine to hunt
for Web sites running certain kinds of vulnerable applications, wrote
Bojan Zdrnja, on the institute's blog.

"While we had a general idea about what they do during these attacks,
and we knew that they were automated, we did not know exactly how the attacks
worked, or what tools the attackers used," Zdrnja wrote.

When the tool finds a site that is vulnerable, it kicks into action. "The
exploit just consisted of an SQL statement that tried to inject a script tag
into every HTML page on the web site," Zdrnja wrote.

That SQL statement was crafted to target Web sites running Microsoft's Internet
Information Server and SQL Server. Once compromised, the Web sites were then
rigged to serve malicious software to visitors using JavaScript, which tried
various exploits based on known software vulnerabilities.

Among the malicious programs served up was a password-stealing program for
the game "Lord of the Rings Online," security vendor McAfee said last
month.

SANS said the software tool also reports to a server based in China, a feature
that may be used to count the number of infections in order for the person using
the tool can get paid, Zdrnja wrote. The tool may have other functions, but
SANS is still analyzing it.

Among the victims from these attacks were the Web sites of security vendor
Trend Micro
as well as CA.

IDG News Service

I like it!
Post a comment
The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
Free stuff

Win an Amazon Kindle!
This month's giveaway gadget - Amazon's Kindle - will keep you entertained on the long trip home to visit family and friends over the holidays. Enter the drawing now!

Applied Security Visualization
By Raffael Marty
Published by Addison-Wesley Professional
Learn more!

 

IT Manager's Handbook
By Bill Holtsnider and Brian D. Jaffe
Published by Morgan Kaufmann
Learn more!

 

Windows Vista Resource Kit
By Mitch Tulloch, Tony Northrup, and Jerry Honeycutt
Published by Microsoft Press
Learn more!

Featured Sponsor
Case Study: AISO grows its "green" business

AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.

Download this white paper »
Myth of the Million Dollar Database

In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability and performance at a fraction of traditional cost.

Download this white paper »
Success Story: Weather.com handles whatever nature serves up

On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.

Download this white paper »
More Resources