From the Project X blog comes the alert about a new SQL injection attack spreading around. This is a local view on the problem, and that's what makes it more interesting:
A quick assessment of the NZ landscape shows that over a sample of 100 of the latest attack signatures (specifically looking at the result of the successful SQL Injection) indicates that there are 68 distinct infections over some 18 “NZ” sites… all IIS5/6 sites. Not good news for some and given that a couple of these sites are in NZ’s “top 100” and would service a not-so-insignificant number of unique browsers.
Note: I’ve performed this assessment out of the google cache so I’d expect that this would be somewhat worse, given SEO (in general) and the timing of google spider visits.
Plenty of details on the dedicated SANS page.
No comments:
Post a Comment