Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
 
Latest Comments
"I would never have written a comment except... spot on Ash... I kind of wondered whether the ..."
on Internet censorship not a vote-changer
by tashi k | Mar 20, 2010 11:12 PM
 
"im not receiving my emails can send but cant receive.was fine last night this morning not working"
on Hotmail log-in problems cause user panic
by r reid | Mar 19, 2010 2:24 AM
 
"hmm... the article sounds very good but isn't his last point spamcop? don't we already have ..."
on Wardriving cop warns of hackers in waiting
by anon | Mar 18, 2010 2:35 PM
 
"The claim listed above that NetRegistry CEO Larry Bloch said - and I quote "giving over your ..."
on Hackers attempt to dupe NetRegistry customers
by Joe Baptista | Mar 18, 2010 12:39 PM
 
"Have the EFA produced the definitive and clear quote yet where Conroy calls his critics ..."
on Conroy brands EFA anti-filter campaign a disgrace
by Mazza | Mar 17, 2010 5:41 PM
Malware

SQL attack to affect over 100,000 websites

  • Email a Friend
  • Print Page
Related Articles
By Dan Raywood
Jun 10, 2009 3:11 PM
Tags: ISP | SQL | attack | Vaserv | HyperVM | virtualisation
The strength of SQL injections has been demonstrated with an attack on a large internet service provider.

An attack has been made upon Vaserv.com with the data for around 100,000 websites destroyed by attackers who targeted a zero-day vulnerability in the HyperVM virtualisation application.

 

According to The Register, Vaserv.com director Rus Foster claimed that data for about half of the websites hosted on Vaserv was destroyed all at once over the weekend shortly after administrators noticed something strange on the system.

 

He claimed that the attackers had the ability to execute sensitive Unix commands on the system, including ‘rm –rf' that forces a recursive delete of all files.

 

At the time of writing, there have been no reports of any hacker claiming responsibility for the attack, although Foster claimed that it was an SQL attack and that it was deliberate.

 

Amichai Shulman, CTO of Imperva, said: “If this is indeed SQL injection it is yet another demonstration of the power of this attack. A month or so ago the DNS Registrar for Puerto Rico was hit by an SQL Injection attack resulting in domains like google.pr, Microsoft.pr and others referencing attacker controlled servers delivering malware.

 

“SQL injections are getting meaner by the day. The bottom line: companies need to maintain a tight-fisted control over the traffic flowing in and out of the full application stack.”



See original article on scmagazineuk.com

Secure Computing Magazine

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
anonymous attack blackout broadband conroy cyber ddos efa filter filtering government internet isp malware operation security stephen test titstorm us