On TechRepublic: Five super-secret features in Windows 7
BNET Business Network:
BNET
TechRepublic
ZDNet

May 20th, 2008

Over 1.5 million pages affected by the recent SQL injection attacks

Posted by Dancho Danchev @ 4:05 pm

Categories: Botnets, Viruses and Worms

Tags: Shadowserver Foundation, SQL Injection, Malware Domains, Dancho Danchev

In an attempt to mitigate the impact of the recent waves of SQL injection attacks, and provide more transparency into the approximate number of affected pages, the Shadowserver Foundation is starting to maintain a list of all theThe Shadowserver Foundation malicious domains used in the continuing efforts by copycats to inject as many legitimate sites as possible. Currently counting over fifty malicious domains, and the corresponding number of affected pages by them, the total number is just over 1.5 million.

Needless to say to stay away from these domains if you don’t know what you’re doing. The Shadowserver’s announcement :

“Below is a list of domains used in the mass SQL injections that insert malicious javascript into websites. We’ve also included an approximate number of pages infected (according to Google). Note that these numbers decay with time. Some of these domains were injected long ago and have been cleaned. At their height, their numbers may have been larger.”

Despite that some of the malicious domains are down, or in a process of getting shut down, as long as the long tail of SQL injection attacks is possible due to vulnerable sites at the far corner of the Web, the bad guys would simple keep re-introducing new domains within, or emphasize on increasing their life cycle by fast-fluxing them as we’ve already seen this happen.

Dancho DanchevDancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.

Email Dancho Danchev

Subscribe to Zero Day via Email alerts or RSS.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

  • Talkback
  • Most Recent of 14 Talkback(s)
If something is systemic, ...
you don't start at the bottom. I work at a company where the 'enterprise' database doesn't have a password. We cannot even add a a password because of old applications with that we can no longer co... (Read the rest)
Posted by: shis-ka-bob Posted on: 05/28/09 You are currently: a Guest | | Terms of Use
So...  zkiwi | 05/20/08
Yes.  TheTruthisOutThere@... | 05/21/08
If that's so, then...  zkiwi | 05/21/08
No.  Etch44 | 05/21/08
Bad Programmers  payton@... | 05/21/08
amen !!  holmes.steven@... | 05/21/08
If something is systemic, ...  shis-ka-bob | 05/28/09
RE: Over 1.5 million pages affected by the recent SQL injection attacks  robcurr | 05/21/08
That and...  odubtaig | 05/21/08
RE: Over 1.5 million pages affected by the recent SQL injection attacks  princeproctor@... | 05/21/08
Popular targets?  schmandel@... | 05/21/08
RE: Over 1.5 million pages affected by the recent SQL injection attacks  upnorthcurls | 05/21/08
RE: Over 1.5 million pages affected by the recent SQL injection attacks  samialsayyed | 05/21/08
RE: Over 1.5 million pages affected by the recent SQL injection attacks  amirsegal | 06/11/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
Click Here

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here