NEWS FROM THE LAB - Thursday, December 10, 2009

New Wave of SQL Injection Attacks Posted by Chang @ 20:17 GMT

Reports have reached us of a fresh SQL injection attack that has compromised many websites. A Google search of the malicious iframes used in the attacks nets over 100,000 hits:

Google search results for SEO attack

As is typical, the initial iframes lead to HTML pages, which load iframes containing obfuscated JavaScript, which then attempts to exploit the unfortunate visitor. A successful exploit leads to a download of a malware of the Buzus family.

We already detect the malware binary as Trojan.Generic.2823971 with our latest Internet Security 2010 databases and as Trojan.Win32.Buzus.croo in our other products.