Home : Security : News

Websites hit by 'Silent love China' attacks

The SQL injection attack has damaged thousands of English-language websites in just four days.

By Barry Collins, 20 May 2008 at 15:37

More than 9,000 Western websites have been compromised after a new round of SQL injection attacks that are believed to have been launched from China.

The large-scale attacks only began on Saturday, but by yesterday morning more than 7,000 websites had been affected, according to security firm ScanSafe.

A Google search conducted at the time of publication reveals that more than 9,000 sites have now been hit.

The attacks inject an iframe which loads malicious content from qiqigm.com, a domain that was only registered last Friday, a day before the attacks were first recorded.

RealPlayer and Internet Explorer vulnerabilities are targeted by the attacks which, if successful, lead to the installation of a password-stealing Trojan. The phrase "Silent love China" is also buried in the exploit code.

ScanSafe's senior security researcher, Mary Landesman, said the attacks are targeted at English-language websites, with Chinese government websites specifically excluded.

Email to a friend

Print this page

< Previous Security : News Next >

Be the first to comment on this article

You need to Login or Register to comment.

Latest Security Analysis & Insight

Do British police get cyber security?

Davey Winder listens to telephone conversations between the FBI and the Metropolitan Police, courtesy of Anonymous, and isn't impressed.

More Security Analysis & Insight

Latest Security Reviews

Check Point 2210 Appliance review

Rating:

Check Point's new 2200 Appliances combined enterprise level network security with an SMB price tag. Its software blades provide a wealth of features, but do they complicate deployment? Read this exclusive review to find out.