As of December 10, 2009 over 132,000 websites have been compromised and are serving up the malicious content.  The attack loads up an Iframe onto the websites via the data returned from the database which eventually leads the user (without there knowledge) to download data from 318x.com which then installats a rootkit-enabled variant of the Buzus backdoor trojan.  The full path of what happens can be found on the link above.

We’ve talked about the securing your website from SQL Injection attacks here, here and here, apparently there are tons of sites out there which haven’t been listening.

Denny

Google has a translation of the article, and the original can be found here.

The power company is question claims that the blackout which hit 18 Brazilian states on Tuesday was not caused by the hackers.  However the timing out the attack and the outage is very suspicious.  This just goes to show that utilities needs to take even more care that other companies to secure there environments to ensure that the services which they provide remain online as peoples live depend on the power staying on.

Based on the results of testing against the sites as reported by Darkreading the standard SQL Injection attack may have been used in this case to attack the site and break in.  One would think that a company as large as a countries power company would be able to have developers which wouldn’t allow SQL Injection attacks.

Denny