Ten thousand servers hit in SQL injection hack

A brute force SQL injection onslaught that began on May 13 has infected a reported 10,000 servers, infecting thousands of Chinese and Taiwanese sites with malware.

Originating from 1,000 servers in a single Chinese facility, the attackers are said to be using automated queries to Google's search engine to identify Web sites with exploitable vulnerabilities. Furthermore, the attacks do not target a single vulnerability, but have shown up through more than ten different holes: MS06-014 (CVE-2006-0003), MS07-017 (CVE-2007-1765), RealPlayer IERPCtl.IERPCtl.1 (CVE-2007-5601),GLCHAT.GLChatCtrl.1 (CVE-2007-5722), MPS.StormPlayer.1 (CVE-2007-4816), QvodInsert.QvodCtrl.1, DPClient.Vod (CVE-2007-6144), BaiduBar.Tool.1 (CVE-2007-4105), VML Exploit (CVE-2006-4868) and PPStream (CVE-2007-4748).

Wayne Huang, CEO of Web application security tools maker Armorize Technology, called the attack "very well designed."

Only last month, a rash of SQL Injection hacks took place on database-driven Web sites that used ASP to generate results. That particular outbreak affected over half a million sites.

Oftentimes, sites are vulnerable to SQL attacks due to negligent coding. Another example of this took place last month when it was made public that Oklahoma's Department of Corrections site was extremely vulnerable. In what could scarcely even be called a "hack," a user could access the site's database through a series of simple SQL commands, subsequently accessing the 10,597 social security numbers and offense records of everyone contained therein.

Armorize Technology reports that SQL attacks saw an exponential leap in frequency between 2004 and 2005, but have since been on the decline, cross-site scripting attacks have been steadily increasing since 2005.