eSecurity Planet has a story on a new threat spreading quickly across the Web: A complicated SQL injection attack with the potential to steal credit cards and financial data. And at least one researcher says its creators may still be refining their technique.
A new and fairly complex SQL injection attack that began in late November has already contaminated more than 125,000 Web sites with a Trojan known to harvest credit card and other banking information.
According to Internet security and monitoring firm ScanSafe, the injected iframe loads the first stage of malicious code from 318x.com. Then, a series of iframes and code redirections that are invisible to the user culminate with the silent installation of the offending code, Backdoor.Win32.Buzus.croo from windowssp.7766.org.
“The attack appears to be a work in progress,” ScanSafe senior security research Mary Landesman wrote in a blog posting this week. “As we’ve been monitoring the malware scripts used in the final stage attacks, some scripts are being changed, some removed, and new ones being introduced.”
