Old August 6th, 2008, 15:49   #1
MadMorbius
Administrator Malleus Veto
Join Date: Jan 2002
Location: Mississauga, Ontario
SQL Injection mass attack

Not sure who to bring this to, so I thought I'd post it here in General to ensure it gets the admin's attention.

There is currently a mass attack taking place against millions of internet databases serving content to ASP and PHP powered websites. Thus far, over 700,000 web servers have been compromised.

The result of a compromise is the injection of code into active content tables which will initiate a cross-site scripting call to one of dozens of sites in Russia. The result of the cross-site scripting call is the download and execution of malicious JavaScript; the JavaScript then installs a downloader which will download the ASPROX virus. No interaction is required by the end user, who by all accounts is visiting a trusted web site.

The ASPROX virus serves two major purposes. First, it seeks out and attacks additional databases, usually sites that the infected user is visiting. Attacks may be persistent, i.e. over many months, until the virus eventually finds and exploits a vulnerable application, function or table.

Secondly, the ASPROX virus installs a "BOT" on the end user's computer. The Bot becomes part of the ASPROX BOTNET. The ASPROX BOTNET's primary usage is to facilitate ROCK PHISH attacks against multiple financial institutions.

Based on the database errors I've seen occurring on this site recently, it is my belief that this site is being targeted by the Asprox virus. If there is a vulnerability anywhere within the site's application code, the virus will eventually exploit it. Exploitation may result in collateral infection of the entire ASC user community.

To the ADMINS: Please check your SQL logs for evidence of multiple stacked SQL statements using the CAST method and followed by a long string of Base64 characters. Additionally, please ensure you've updated to the latest version of the board software to ensure there are no application vulnerabilities to exploit.

To the USERS: Please ensure your antivirus software is up to date, and that you are running regular scans. FYI if you wind up with the ASPROX virus on your machine, you will be an unwilling participant in international criminal activity. Oh, it will also keylog the fuck out of you, so you'll probably lose most of your personal information in the process.


More information on the ASPROX virus:
Originally Posted by Deaf_shooter
what if it model after his?

Last edited by MadMorbius; August 6th, 2008 at 15:56..
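The log check the post asks the admins to run (stacked SQL statements with a CAST over a long encoded string), sketched as an added example that is not part of the original post or of the board software. It goes slightly beyond the post's wording by also matching a `0x` hex literal inside the CAST and by undoing URL encoding first; the function names, the 40-character threshold and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus

# Assumed threshold: 40+ characters counts as a "long" encoded run
# (Base64 alphabet as the post describes, or a 0x hex literal).
ENCODED = r"(?:0x[0-9a-f]{40,}|[a-z0-9+/]{40,}={0,2})"
CAST_BLOB = re.compile(r"cast\s*\(\s*['\"]?" + ENCODED, re.I)
# A semicolon followed directly by a SQL keyword marks a stacked statement.
STACKED = re.compile(
    r";\s*(?:declare|set|exec(?:ute)?|select|insert|update|delete)\b", re.I)

def decode(line):
    """Undo up to three layers of URL encoding so keywords become visible."""
    text = unquote_plus(line)          # first layer: '+' means space in a query
    for _ in range(2):                 # further layers: percent-escapes only
        nxt = unquote(text)
        if nxt == text:
            break
        text = nxt
    return text

def classify(line):
    """Return 'alert', 'review' or 'clean' for one log line."""
    text = decode(line)
    has_cast = bool(CAST_BLOB.search(text))
    stacked = len(STACKED.findall(text))
    if has_cast and stacked:
        return "alert"                 # the pattern named in the post
    if has_cast or stacked >= 2:
        return "review"                # half the pattern: worth a manual look
    return "clean"

def scan(lines):
    """Return (line_number, verdict) for every line that is not clean."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := classify(line)) != "clean"]

# Constructed sample lines; the encoded runs are filler, not a real payload.
SAMPLE = [
    "2008-08-06 15:40:01 GET /forums/showthread.php t=1234 200",
    "2008-08-06 15:41:12 GET /page.asp id=5;DECLARE%20@S%20VARCHAR(4000);"
    "SET%20@S=CAST(0x" + "41" * 40 + "%20AS%20VARCHAR(4000));EXEC(@S);-- 500",
    "2008-08-06 15:41:30 GET /page.asp q=1;SET+@S=CAST('" + "QUFB" * 12
    + "'+AS+VARCHAR(4000));EXEC(@S) 500",
    "2008-08-06 15:42:02 GET /search.php q=cast(price+as+int) 200",
    "2008-08-06 15:43:10 GET /page.asp id=1%253Bselect+1%253Bselect+2 500",
]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE):
        print(lineno, verdict)
```

A hit here only shows that an injection attempt reached the server; whether it succeeded has to be confirmed by checking the content tables for unexpected script tags.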