It is currently Thu Nov 21, 2024 6:52 pm

Mass IIS SQL-Injection Attack Spreads

For game and non-game related chatter, links, and other goodies, go here.

Mass IIS SQL-Injection Attack Spreads

Postby Zancarius » Fri Jun 11, 2010 3:35 pm

Looks like there's a massive SQL injection attack underway since earlier this week. It appears to be hitting a few ad hosts, too.

What does this mean to you? This means that some advertising banners on sites you visit might be served from compromised hosts and could therefore be serving up exploit code. This also implies you need to do two things:

1) Don't use Internet Explorer. Period. MSIE has a notorious history for being the browser with the worst security record ever.
2) Upgrade Adobe Flash Player. If you don't know what this is or how to do it, go here.

If you're using Firefox, install the NoScript extension. Similarly, disable JavaScript except for trusted domains (like your wonderful guild forums kindly hosted by Turus; but we don't run much JS here, either!).

Oh, and I lied: There is one more step. Keep your browser updated. Furthermore, if you're running Windows, regularly check Windows Update or configure automatic updates.

Ad hosts are great for online ventures, but they're also another vector through which innocent parties like you can be exploited. And remember, it takes only one bit of malware to be served up for your account to be compromised by a key logger. While authenticators will protect your World of Warcraft account, they provide no protection from attackers who might also attempt to harvest credit cards and other personal information.

Be safe, goons.
I gave that lich a phylactery shard. Liches love phylactery shards.
User avatar
Zancarius
Site Admin
 
Posts: 3907
Joined: Wed Jul 05, 2006 3:06 pm
Location: New Mexico
Gender: Male

Return to General Chat

Who is online

Users browsing this forum: No registered users and 5 guests

cron