Tuesday, October 26, 2021
  • Home

And so the SQL attacks continue…

May 15th, 2008 by Patrick S

Yep…It’s still going-and its worse than ever it seems. Hundreds of thousands of unsuspecting people are stillstumbling across perfectly legitimate websites that have been compromised by an SQL injection, and as a result are infected with a nastyTrojan.
These types of Trojans are known for changing an affected system’s local DNS and Internet browser settings, thus making the system vulnerable for even more potential threats. (Trend Micro have written a very good post explaining what happens once infected)

Therefore I thought I would take some time to mention a dew domains (courtesy of f-secure) admins should block to avoid any possible chance of infection:

  • yl18.net
  • www.bluell.cn
  • www.kisswow.com.cn
  • www.ririwow.cn
  • winzipices.cn
  • www.wowgm1.cn
  • www.killwow1.cn
  • www.wowyeye.cn
  • vb008.cn
  • 9i5t.cn
  • computershello.cn

This is a good time to again mention that this not a vulnerability in Microsoft IIS or Microsoft SQL that is used to make this happen. If you are an administrator of a website that is using ASP/ASP.NET, you should make sure that you sanitize all inputs before you allow it to access the database.

There are many articles on how to do this such as this one. You could also have a look at URLScanwhich provides an easy way to filter this particular attack based on the length of the QueryString.

Posted in MS SQL, Security, Windows Server System, Windows XP | Comments Off on And so the SQL attacks continue…

This entry was posted on Thursday, May 15th, 2008 at 4:55 am and is filed under MS SQL, Security, Windows Server System, Windows XP. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.