SQL attack to affect over 100,000 websites

By Dan Raywood
Jun 10, 2009 3:11 PM
Tags: ISP | SQL | attack | Vaserv | HyperVM | virtualisation
The strength of SQL injections has been demonstrated with an attack on a large internet service provider.

Attackers who targeted a zero-day vulnerability in the HyperVM virtualisation application have destroyed the data for around 100,000 websites hosted by Vaserv.com.

According to The Register, Vaserv.com director Rus Foster claimed that data for about half of the websites hosted on Vaserv was destroyed all at once over the weekend shortly after administrators noticed something strange on the system.

 

He claimed that the attackers had the ability to execute sensitive Unix commands on the system, including 'rm -rf', which forces a recursive delete of all files.

At the time of writing, there have been no reports of any hacker claiming responsibility for the attack, although Foster claimed that it was an SQL attack and that it was deliberate.

 

Amichai Shulman, CTO of Imperva, said: “If this is indeed SQL injection it is yet another demonstration of the power of this attack. A month or so ago the DNS Registrar for Puerto Rico was hit by an SQL Injection attack resulting in domains like google.pr, Microsoft.pr and others referencing attacker-controlled servers delivering malware.

“SQL injections are getting meaner by the day. The bottom line: companies need to maintain a tight-fisted control over the traffic flowing in and out of the full application stack.”



See original article on scmagazineuk.com

Secure Computing Magazine

 