SQL Injection Attack Warning

Well, that’s not particularly unusual in itself, except that it’s been flagged by the Internet Storm Center as (a) happening right now and (b) escalating somewhat dramatically: in fact, it appears to resemble the lizamoon attack which was reported as affecting around a million sites earlier in the year.

According to Mark Hofman, if you’re in a position to block the lilupophilupop.com site referenced in the injection string for your client machines, that should prevent them being infected for the present. But if you are responsible for protecting your site against stuff like this, I’d strongly recommend that you read the whole diary entry, including the comments.

Hat tip to Conny Javerdal for bringing this to our attention on the AVIEN list.

David Harley CITP FBCS CISSP
AVIEN Dogsbody
ESET Senior Research Fellow
