Thursday, May 22, 2008

Malware Domains Used in the SQL Injection Attacks

Whereas the value of these malicious domains lies in the historical preservation of evidence, as long as hundreds of thousands of sites continue operating with outdated and unpatched web applications, the list is prone to grow on a daily basis, thanks to copycats and the Asprox botnet. The Shadowserver Foundation's list of malicious domains used in the SQL injection attacks : s

Some new additions that I'm tracking :

The rough number of SQL injected sites is around 1.5 million pages, in reality the number is much bigger, and there are several ongoing campaigns injecting obfuscated characters making it a bit more time consuming to track down. Who's behind these attacks? Besides the automation courtesy of botnets, the short answer is everyone with a decent SQL injector, and today's SQL injectors have a built-in reconnaissance capabilities, like this one which I assessed in a previous post.