Skip to main content

SQL Injection Worm infects thousands of unpatched websites

Another SQL Injection worm is on the run and it has succeeded in infecting a few thousands websites until now, making them become malware spewing websites instead.

The worm adds a few lines of codes to pages of the target website which in turn point to a corresponding page on the rogue website, through an iFrame, that will then contaminate any user who visit the pages.

At the time of writing, more than 11,000 websites were reportedly infected (i.e. their HTML pointed to the culprit website) and most of these were English speaking websites.

The Internet Storm Centre (opens in new tab) who broke the story, says that it doesn't know how the worm operates while Shadowserver provides with more hints on what happens after connecting to the rogue servers.

The malware that is reportedly downloaded appears to be multi faceted and part of a kit; Shadowserver recommends that internet users block access to the malicious domains and sites by using content filters, changing their DNS entries and blocking IP addresses.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.