Hackers infect half a million websites

 

Gallery

By Matthew Sparkes

Posted on 25 Apr 2008 at 10:40

UK Government websites are among half a million pages infected by hackers in a huge and well organised SQL injection attack.

SQL injection involves inserting malicious code into websites by entering SQL queries into input boxes, such as search or comment fields. Infected websites can then infect any users visiting the site.

"As more and more websites are using database back-ends to make them faster and more dynamic, it also means that it's crucial to verify what information gets stored in or requested from those databases - especially if you allow users to upload content themselves," warns a blog post from F-Secure. "Unless that data is sanitised before it gets saved you can't control what the website will show to the users."

The company searched Google for a string indicating that a site has been infected, and found that 510,000 sites were affected. Among those were UN sites and the UK Civil Service careers site.

The code inserts a link to all text fields in a database that adds malicious javascript to the source code of the page. Three domains have been found to host the code; nmidahena.com, aspder.com and nihaorr1.com.

F-Secure suggests that site owners search their site for links to the javascript, and remove them before any users are infected. Sanitising any data sent to the database by users will prevent similar attacks in the future.