Devastating SQL attack compromises 50,000 sites

August 26, 2009

[From V3]

A new SQL injection attack has already snared over 50,000 legitimate web sites, and threatens to cause havoc for innocent internet users, according to new research from ScanSafe. The security-as-a-service firm said in a blog post that it first detected the problem on Friday.

The attack exploits poor coding to insert a malicious iframe on the sites. When visited by a user, an infected site will begin to download what ScanSafe senior security researcher Mary Landesman described as "a potent Trojan cocktail consisting of backdoors, password stealers and a downloader".

The article continues at http://www.v3.co.uk/v3/news/2248445/sql-attack-compromises-50000