Massive SQL Injection Attack Compromises 380K URLs 117
Orome1 writes "A massive SQL injection attack campaign has been spotted by Websense researchers, and the number of unique URLs affected by it has risen from 28,000 when first detected yesterday, to 380,000 when the researchers last checked. The injected script redirects users that have landed on the various infected pages to the domain in the script, which then redirects them further to a website simulating an anti-malware check and peddling a rogue AV solution."
SQL Injection??? (Score:4, Interesting)
Very difficult to tell from the worthless article and summary.
More Information Please? (Score:4, Interesting)
Website use follows a Zipfian distribution. Less popular sites may be more vulnerable to attack since they'd be written by script kiddies.
So instead of telling us how many URLs have been hijacked, how about telling us how many end users are likely to be affected by this? It makes a large difference if one of the URLs is a popular website or just something a 10 year old patched together using Frontpage.
Here's a suggestion (Score:4, Interesting)
Since I know this user doesn't go to random bobssoftware.com sites, it had to come from an ad or a compromised site.
Also, would it have killed the editors to go to the source [websense.com] rather than some blog which scraped the source site?