Javascript injection posts - News Blog

April 27, 2008 2:09 PM PDT

Microsoft is denying that a recent rash of Web server attacks are the company's fault.

In a blog posted late Friday night, Bill Sisk, of the Microsoft Security Response Center, wrote that the attacks are not due to any new or unknown security flaws in Internet Information Services or Microsoft SQL Server. Rather, he says, the attacks are made possible by SQL injection exploits, and he points Web developers to the company's list of best practices to prevent such attacks.

Ongoing attacks have affected half a million Web pages, compromising them so they serve up malware, according to several reports. The hacked sites include government sites in the U.K. and sites belonging to the United Nations.

All it takes for a computer to become infected is a visit to a compromised site. While viewing that site, the injected Javascript loads a file named 1,js. The file is located on a malicious server, which then attempts to execute eight different exploits targeting Microsoft applications.

Related story: Web 2.0, meet Internet attack 2.0

Topics:: Microsoft,; Security

Tags:: security,; Javascript injection,; Microsoft

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

Inside CNET News

Scroll Left Scroll Right

Deep Tech
Long-awaited Bibble 5 raw photo editor arrives
Bibble 5 Pro is out, bringing higher performance and a higher price to the raw-photo editing and cataloging software. Also new: selective editing.
Gallery
En route to GPS-based air traffic control (images)
MacFixIt
Apple misses its mark on Windows 7 Boot Camp support
Installing Windows 7 over Vista will give numerous advantages, even if for nothing more than to increase the stability of the operating system; however, to date Apple has not officially supported this despite claiming support would be out by the end of th
Beyond Binary
Visual Studio launch delayed by 'a few weeks'
Microsoft says it's still working to resolve some performance issues related to the Visual Studio 2010 developer tool suite, which was slated for a March release.
Video
Deep-sea volcanic explosion--part 2 (video)
InSecurity Complex
Q&A: Researcher Karsten Nohl on mobile eavesdropping
Researcher who tackled smart card security last year talks to CNET about how easy it is to listen in on GSM-based mobile phone calls now that the encryption has been cracked.
Video
Deep-sea volcanic explosion--part 1 (video)
Deep Tech
'Don't-be-evil' Google spurns no-evil software
One open-source software programmer's joke--'The Software shall be used for Good, not Evil'--is a serious matter at Google.
The Space Shot
Soyuz craft docks, boosts space station crew
A Russian Soyuz spacecraft docked with the International Space Station Tuesday after a smooth, automated approach, boosting the lab's crew back up to five.
Gallery
NASA trains WISE eye on the sky (photos)
Digital Media
Time Warner Cable shows subscribers how to cut cord
Cable company posts a comprehensive set of instructions for grabbing video directly from the Web, part of the company's posturing with News Corp.'s Fox over rates.
Green Tech
Green-tech venture investing cools off in 2009
Green tech is still attracting billions of dollars a year, but the amount of money has shrunk significantly as investors began to focus on start-ups with the most potential.

News Blog

Microsoft denies fault in hacks

Most Popular

15 sites that went kaput in 2009

Top 10 news stories of the decade

About News Blog

Inside CNET News