SQL Injection Hack Infects 1 Million Web Pages

  /     /     /  
Publicated : 22/11/2024   Category : security


SQL Injection Hack Infects 1 Million Web Pages


SANS warns of uptick in Lilupophilupop attack, but Cisco said total number of infected Web pages likely lower.



Another SQL injection campaign is literally going viral, with some 1 million URLs possibly infected.
The SANS Internet Storm Center
over the weekend counted some 1,070,000 URLs
injected with the so-called lilupophilupop.com malware. Thats up from 80 pages it had found in early December, according to SANS ISC handler Mark Hofman.
The attackers compromise sites via SQL injection, and it appears to have hit sites worldwide, with the most infections in The Netherlands NL domain, with 123,000, and includes some .com and .org sites, as well.
At the moment it looks like it is partially automated and partially manual. The manual component and the number of sites infected suggests a reasonable size work force or a long preparation period, Hofman said in his blog post on the attack.
But the 1 million URL number might be inflated, said Mary Landesmann, senior security researcher for ScanSafe, which is part of Cisco. That count could include pages also discussing the attacks, she said. As a result, there is always a huge increase after an initial public report is made. In other words, counting the number of results from a search engine isn’t a good or viable means of measuring the breadth of a compromise, Landesmann said.
Read the rest of this article on
Dark Reading
.
Read our report on how to guard your systems from a SQL attack.
Download the report now
. (Free registration required.)

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
SQL Injection Hack Infects 1 Million Web Pages