A SQL attack which is increasing at extremely fast rates has been uncovered by ISC ( Internet Storm Center ) has seen to raise from just a few hundred pages to over 1 million in just a few weeks.
From the past few weeks of going over submitted results and information from interweb users they have put together some interesting data, one it seems to be targeting windows based servers and from the logs it seems they had been doing a bit of probing around within the weeks before the sites been injected with a special string:
They have also put together fairly solid base of ccTLD’s statistics of which have been infected (as shown below) -
- UK – 56,300
- NL – 123,000
- DE – 49,700
- FR – 68,100
- DK – 31,000
- CN – 505
- CA – 16,600
- COM – 30,500
- RU – 32,000
- JP – 23,200
- ORG – 2,690
At the moment it looks like it is partially automated and partially manual. The manual component and the number of sites infected suggests a reasonable size work force or a long preparation period.
If you want to find out if you have a problem just search for “<script src=”http://lilupophilupop.com/” in google and use the site: parameter to hone in on your domain.
Original Findings and Comments: ISC Diary | SQL Injection Attack happening ATM