Security Epidemic: SLQ INJECTION
Security: hyper endemic Epidemic: SLQ INJECTION, RAMPANT ON INTERNET
THERE IS NO WAY TO KEEP IT OFF YOUR COMPUTER, BUT YOU CAN STOP THEM FROM RUNNING.
The risks and threat have been under played by the media and security vendors.
SLQ injection is now ENDEMIC...
MAC's vulnerable also.
SECURITY WARNING: epidemic
SLQ INJECTION IS RAMPANT ON THE WWW, EVEN GOOGLE.
Also many Google search results are infected.
This program tests the links free...
( USE THE GOOGLE LIST )
HERE
This threat is VERY SERIOUS.
PARADIGM INTEL
Currently it is profit motivated, but the potential uses for other motivations
and the lack of prevention and inability of security vendors and Internet hubs to control SLQ
injection PUTS the entire WWW at risk.
Data we have collected:
From Vista OS
( it got on to Vista )
One we have seen tracks the victim to EVERY PAGE THEY VISIT.
Spies IP: ( MAC )
66.197.241.55
67.159.44.24
SYMPTOMS:
Also excessive fan running and stopping, over and over.
Svchost calls dll's ( from unknown souce ) and attempts to run them.
Excessive, repetitive spikes in CPU usage as it attempts to run evil dll's.
Vista:
Related: ljizv8iy, and possibly FFAlert.dll, neither found with MS search of hard drive.
In logs someone surfing same pages same times as you.
SEARCH:
NO hidden processes file or folders found by F-secure's Blacklight. ( smells of a rootkit )
Ad aware, 2007 and 2008 finds nothing.
Webroot, anti-spy and virus found nothing.
McAfee Suite found nothing.
Gerald
Internet Anthropologist, ad Magnum
Update:
The rough number of SQL injected sites is around 1.5 million pages, in reality the number is much bigger, and there are several ongoing campaigns injecting obfuscated characters making it a bit more time consuming to track down. Who's behind these attacks? Besides the automation courtesy of botnets, the short answer is everyone with a decent SQL injector, and today's SQL injectors have a built-in reconnaissance capabilities, like this one which I assessed in a previous post.
SOURCE: Dancho Danchev
This is a threat to the WWW. G
HOW:
CYBERWARS's Pearl Harbour
( read the whole thing, all the updates. )Possible solutions, get control of rundll32.exe, and verify schost.
Make recommendations in comments please. G
UPDATE: 3:42 am EST
The weakest link: NOT A LONG TERM SOLUTION:
Theory:
Registry cleaning seems to clear everything up.
We used Uniblue Reg booster.
$29.00 search for coupon code, $19.00
It works, but we have been running Haute Secure.
The reason this works might be that the Reg, was making connections to hidden files,
but the reg cleaner could not see them and deletes the reg connections thinking they are not valid, thereby disabling the attempted infection. Will be doing more testing.
System seems to settles right down, fan quits running and no more cpu spikes continually.
Spikes seem to be more normal. 8> THEY COME BACK.
TURNED OFF GOOGLE ACCELERATOR FIXED PROBLEM OF SPIKES AND RUNDLL32.EXE
RUNNING EVERY 4 SECONDS.
Gerald
.
Labels: mac, security, SLQ INJECTION, SLQ INJECTION IS RAMPANT ON THE WWW, www at risk
1 Comments:
use "noscript" firefox plugin and a proxy/SSH/VPN connection + "freeze" your computer.
stay frosty!
kind regards
Post a Comment
Subscribe to Post Comments [Atom]
<< Home