Sponsored by..

Friday 13 June 2008

advabnr.com and adsitelo.com

SQL injection time again, this time with two new domains advabnr.com and adsitelo.com both loading a script called b.js (i.e. advabnr.com/b.js and adsitelo.com/b.js)

This is turning up on sites that have already been infected with other SQL injection attacks. The good news is that the new attacks seem to be smaller, indicating that people really are managing to secure their web servers.

Some notable infected sites (many of these have been cleaned up).

adsitelo.com
  • bioimmune.com - BioImmune Inc (Health)
  • immuquest.com - Health
  • eyemdlink.com - Health
  • tandberg.com - Tandberg (Electronics)
  • techsol.com - Technology Solutions Company (ERP services)
  • pollingcompany.com - The Polling Company (Market Research)
  • spjc.edu - St Petersburg College
  • judge.com - The Judge Group (jobs)

advabnr.com
  • ibs.com - IBS, Inc (IT Services)
  • outsourcingcentral.com - Business information
  • mintek.com - Mintek Mobile Data Solutions
  • engcen.com - Engineering jobs
  • micronet.com - Digital storage
If you're searching for these domains yourself, I recommend using Yahoo! and Google as they give different results. Of course, these sites contain live malware so approach with caution.

3 comments:

Unknown said...

Any ideas on how to solve this if these SQL injections appear?

Conrad Longmore said...

Sanitise your inputs - http://www.cheergallery.com/SQLInjectionHelp.html - which is basically adding a filter to remove junk from URLs etc that shouldn't be there.

Akka said...

any idea how something like this could happen?