morte à botnet

Um artigo interessante sobre tentativas de desligar botnets:

DoJ, FBI set up command-and-control servers, take down botnet

"Past efforts at killing botnets—the large networks of computers running malicious software to send spam, flood websites with traffic, and steal personal data—have managed to disable the networks by taking down important servers, but they've always stopped short of actually killing the botnet software itself.

(...)

A federal judge has authorized the non-profit Internet Systems Consortium, working in conjunction with the FBI, to go beyond taking down the command-and-control servers: the ISC has installed its own command-and-control servers. The command the servers are sending? Kill the botnet malware. The servers were swapped out on Tuesday evening, and the kill command was duly sent.

The kill command still stops short of removing the malware altogether—each time an infected PC is rebooted it will try to restart the botnet software. But every time, the new command and control servers will tell the software to shut down, preventing it from causing any more harm.

(...)"

ataque de injecção de SQL de enormes dimensões

Massive SQL injection attack making the rounds—694K URLs so far

"Hundreds of thousands of URLs have been compromised—at the time of writing, 694,000—in an enormous and indiscriminate SQL injection attack. The attack has modified text stored in databases, with the result that pages served up by the attacked systems include within each page one or more references to a particular JavaScript file.

The attack appears to be indiscriminate in its targets, with compromised   machines running ASP, ASP.NET, ColdFusion, JSP, and PHP, and no doubt   others. SQL injection attacks, which exploit badly-written Web applications to directly perform actions against databases, are largely independent of the technology used to develop the applications themselves: the programming errors that allow SQL injection can be made in virtually any language. The underlying cause is a programmer trusting input that comes from a Web page—either a value from a form, or a parameter in a URL—and passing this input directly into the database. If the input is malformed in a particular way, the result is that the database will run code of the attacker's choosing. In this case, the injected SQL is simply updating text fields within the database, to make them include an extra fragment of HTML. This HTML in turn loads a JavaScript from a remote server, typically http://lizamoon.com/ur.php" or more recently, "http://alisa-carter.com/ur.php." Both domain names resolve to the same IP address, and presently that server is not functional, leaving browsers unable to load the malicious script when they visit infected pages. Previously, it contained a simple script to redirect users to a fake anti-virus site.

(...)"

Fonte: ArsTechnica
http://arstechnica.com/security/news/2011/03/massive-sql-injection-attack-making-the-rounds694k-urls-so-far.ars