Web Attack Worm Infecting Hapless Sites

The Internet Storm Center, which tracks online threats, warns today that a worm isinfecting vulnerable Web siteswith a database attack.   Though relatively small by Web attack standards with about 4,000 reported infected sites, the assault adds invisible code to a site that can force visitors to download malware onto their PC. Bad PR, to say the least.

visit the domain named in the following test, or any sites that show up on a Web search as having this domain listed in their pages' code (including cached pages).   Doing so could infect your PC with malware.

To see if your site has been hit, run the following Google search: "site: your company domain (ex. pcworld.com) winzipices.cn."   Or search for that domain within your Web site HTML code. If you find anything, let your IT know immediately.   When I ran a search just now I saw sites   for everything from   insurance companies to cemeteries to universities that all appear to have been infected.

The worm uses a SQL Injection attack, according to the ISC, but it doesn't yet know just what vulnerability is targeted. The attack highlights theimportance of keeping your site secure, something I wrote about last month. It's likewise critical to keep your own PC software up-to-date, as the ISC says visitors to infected sites can be hit via a known flaw in old Real Player software.

For more details, see theISC postor a moredetailed writeup from shadowserver.org.