SQL Worm, MBR Rootkit

A SQL “worm” is spreading across the internet, taking advantage of sites vulnerable to SQL injection. The attack injects JavaScript into all fields in the database; the script then attempts to exploit browser flaws on clients that visit the infected website. Web developers should be aware of the growing number of attacks that use input validation errors as their attack vector.
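A defender-side check for the pattern described above, as an added example that is not part of the original post: it walks every text column of a database and reports values containing a script tag that loads from an external URL. SQLite, the table names and the `injected.example` URL are assumptions made so the sample runs offline.

```python
import re
import sqlite3

# Heuristic for injected markup: a script tag that loads from an external URL.
SCRIPT_RE = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']?(https?:)?//[^\s\"'>]+", re.I)


def quote_ident(name):
    """Quote an identifier taken from the schema before using it in SQL."""
    return '"' + name.replace('"', '""') + '"'


def find_injected_scripts(conn):
    """Return sorted (table, column, hit_count) for text values matching SCRIPT_RE."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        cols = [r[1] for r in conn.execute(f"PRAGMA table_info({quote_ident(table)})")]
        for col in cols:
            rows = conn.execute(
                f"SELECT {quote_ident(col)} FROM {quote_ident(table)} "
                f"WHERE typeof({quote_ident(col)}) = 'text'")
            count = sum(1 for (value,) in rows if SCRIPT_RE.search(value))
            if count:
                hits.append((table, col, count))
    return sorted(hits)


def build_sample_db():
    """Constructed sample data: two tables, some values with an appended script tag."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, description TEXT)")
    conn.execute("CREATE TABLE news (id INTEGER, title TEXT)")
    tag = '<script src="http://injected.example/x.js"></script>'  # placeholder URL
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", [
        (1, "Widget" + tag, "A small widget" + tag),
        (2, "Gadget", "Inline <script>track()</script> added by the site itself"),
    ])
    conn.executemany("INSERT INTO news VALUES (?, ?)", [(1, "Launch" + tag), (2, "Update")])
    return conn


if __name__ == "__main__":
    for table, col, count in find_injected_scripts(build_sample_db()):
        print(f"{table}.{col}: {count} value(s) contain an external script tag")
```

A hit in many unrelated columns at once is the signature of this kind of mass injection; a single column with script tags is more likely content the site stores on purpose.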

We have received word of a working MBR rootkit that runs on modern systems. This is not a new concept, but it is one that hasn’t had attention for several years. Windows Vista allows users to edit the MBR from userland. An MBR rootkit was discovered in the wild at the end of 2007. Keep an eye on this; more information should be coming in the future.
