< OSVDB SoC Updates | SQL injections going mad >
Apr 29

Currently, potentially, Infected SA sites

Security No comments »
Security

Based on Google's index, the following sites are/were infected based on the SQL injection attack discussed all over the place (1, 2, 3, 4, 5). From an SA perspective, News24, Sunday Times (available in dead tree only) and Talk Radio 702 have covered this.

Click here for Google's latest list.

Click here for Yahoo's latest list (much less accurate).

Status: Medium

  • Most of the sites hosting the JavaScript are down, and most of the sites listed as infected seem to be clean (for SA). As this appears to be the 3rd or 4th injection, if web admins haven't fixed the root vulnerability and the attack is re-run pointing at a different domain, it could happen again.
  • The command and control server the Trojan sends stolen passwords to is still up.


Warnings:

  1. Do not click on any of the links from Google or Yahoo as you are likely to be taken to a website which will infect your computer with a trojan.
  2. Search engines (aka Google and Yahoo) work on an index, which works on a snapshot of information. This snapshot takes a while to update, so some sites may be infected and not listed yet, and others may no longer be infected and still listed.

Posted by Dominic White

Last modified on 2008-04-29 15:17

0 Trackbacks

Trackback specific URI for this entry
  1. No Trackbacks

0 Comments

Display comments as(Linear | Threaded)
  1. No comments

Add Comment


E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA