Web attack worm infecting hapless sites

Warning by the ISC

The Internet Storm Center, which tracks online threats, warns Wednesday that a worm is with a database attack. Though relatively small by Web attack standards with about 4000 reported infected sites, the assault adds invisible code to a site that can force visitors to download malware onto their PC. Bad PR, to say the least.

IMPORTANT: DO NOT visit the domain named in the following test, or any sites that show up on a Web search as having this domain listed in their pages' code (including cached pages). Doing so could infect your PC with malware.

To see if your site has been hit, run the following Google search: "site:your company domain (ex. pcworld.com) winzipices.cn." Or search for that domain within your Web site HTML code. If you find anything, let your IT know immediately. When I ran a search just now I saw sites for everything from insurance companies to cemeteries to universities that all appear to have been infected.

The worm uses a SQL Injection attack, according to the ISC, but it doesn't yet know just what vulnerability is targeted. The attack highlights the importance of keeping your site secure, something I wrote about last month. It's likewise critical to keep your own PC software up-to-date, as the ISC says visitors to infected sites can be hit via a known flaw in old Real Player software.

For more details, see the ISC post or a more detailed writeup from shadowserver.org.

Join the newsletter!

Error: Please check your email address.

More about GoogleVIA

Show Comments
[]