In association with heise online

20 May 2008, 13:46

Chinese websites under mass attack

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Chinese web applications based on Microsoft ISS and MS SQL are being infected with malicious JavaScript on a massive scale via what appear to be automated SQL injection attacks. The malicious script also specifically targets Chinese client software. The ultimate aim of the attacks is to inject trojans onto web client PCs.

Throughout 2008, hundreds of thousands of European and US web applications have fallen victim to such attacks, with considerable evidence suggesting that the attacks have largely originated from China. Chinese websites are suffering in their turn on a similar scale from attacks also coming from within China.

According to media reports, the attacks are using automated tools to find SQL injection vulnerabilties in web sites by brute force, so that malicious JavaScript can be inserted into pages on the sites. This technique is growing in popularity – the Asprox botnet worm was recently equipped with an automated SQL injection tool.

The JavaScript planted on a web site via SQL injection on the server creates an iframe in the viewed page that downloads additional JavaScript to the browser. This second script attempts to inject a trojan into the client PC via one of several well-known vulnerabilities including holes in Microsoft Data Access Components (MDAC), RealPlayer's ActiveX modules and, in the current round of attacks, Chinese language software used primarily in China, Taiwan, and Singapore, such as StormPlayer and Xunlei Thunder DapPlayer.

Attacks of this naturea are increasing worldwide, so web server operators should check whether their web sites are vulnerable. Microsoft recently provided some guidance on protecting Web applications running on IIS.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit