Based on Google's index, the following sites are/were infected based on the SQL injection attack discussed all over the place (1, 2, 3, 4, 5). From an SA perspective, News24, Sunday Times (available in dead tree only) and Talk Radio 702 have covered this.
Click here for Google's latest list.
Click here for Yahoo's latest list (much less accurate).
Status: Medium
- Most of the sites hosting the JavaScript are down, and most of the sites listed as infected seem to be clean (for SA). As this appears to be the 3rd or 4th injection, if web admins haven't fixed the root vulnerability and the attack is re-run pointing at a different domain, it could happen again.
- The command and control server the Trojan sends stolen passwords to is still up.
Warnings:
- Do not click on any of the links from Google or Yahoo as you are likely to be taken to a website which will infect your computer with a trojan.
- Search engines (aka Google and Yahoo) work on an index, which works on a snapshot of information. This snapshot takes a while to update, so some sites may be infected and not listed yet, and others may no longer be infected and still listed.
Trackbacks
Trackback specific URI for this entry
No Trackbacks