Top Security News

EBay Has Its Romanian Hacker
An arrest in Budapest turned up one Vlad Constantin Duiculescu, aka Vladuz, a thorn in the side of the online marketplace. A business deal turned out to be a sting, and Vladuz took a deep wound from it. His time...


Google Builds Tools To Fight Child Porn
An ongoing effort by Google with the National Center for Missing & Exploited Children (NCMEC) produced video tools for use in finding exploitative images and videos.


PayPal Calls For Partnerships Against Phishing
One of the most popular phishing targets on the Internet wants to thwart criminals, but needs a lot of help to do so. Stamping out phishing won't happen with one company pushing for a fix. Payment processor and...


Online Criminals Outsource Their Work
A study by security vendor Finjan suggested a trend in which criminals farm work out to established rings with a technology infrastructure...


Google Street View Becomes Driveway View
While one Pittsburgh couple sues Google over its Street View pictures of their residence, another neighboring home found itself the focus of a Google camera car that drove up its driveway. No word yet on whether...



David A. Utter
Thursday:04.24.08

SQL Injections Hitting Thousands Of Sites

The dynamic capabilities of websites powered by back-end databases made thousands of them targets for injections of unsanitized code.

A trio of domains has been found to host malicious exploits that people may hit while searching the Internet. References to this content turned up in thousands of links to otherwise innocent websites, thanks to a seemingly unstoppable outbreak of SQL injection attacks.

Security vendor F-Secure discovered in a cursory search on Google the presence of 510,000 pages affected by the attacks on a variety of sites. F-Secure advised security pros to block access to the rogue domains hosting the malware: nmidahena.com, aspder.com and nihaorr1.com.

The bad people want to drop a gaming trojan onto a victim's system. With ten million players alone on World of Warcraft, and thousands more on other online games, such trojans could grab login credentials and steal billing information or in-game valuables.

"Unless that data is sanitized before it gets saved you can't control what the website will show to the users. This is what SQL injection is all about, exploiting weaknesses in these controls," F-Secure said.

The security vendor found the attack at issue now seeks out all of the text fields in the database, and adds a link to malicious JavaScript to them. ASP-based websites take note: the attackers look for .asp and .aspx pages.

Any site offering the ability to upload content, from blogs to forums and beyond, could be at risk from the attack. F-Secure suggested webmasters check their server logs for a section of the injection code they listed in this latest post about the attacks. If it's present, the database needs to be cleaned up, and the application fixed to sanitize incoming content.
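
The database clean-up step described above, as an added example that is not from the article or from F-Secure: it walks every text column, as the attack does, and strips script tags that point at the three domains named earlier. It assumes an in-memory SQLite database as a stand-in for the site's real database, an assumed `<script src=...>` form for the injected link, and constructed table names and sample rows.

```python
import re
import sqlite3

# Domains the article names as hosting the malware.
ROGUE_DOMAINS = ("nmidahena.com", "aspder.com", "nihaorr1.com")
# Assumed shape of the injected link: a <script src=...> tag on a rogue domain.
INJECTED_TAG = re.compile(
    r"""<script\b[^>]*\bsrc\s*=\s*["']?https?://(?:[\w-]+\.)*(?:%s)\b[^>]*>\s*(?:</script>)?"""
    % "|".join(map(re.escape, ROGUE_DOMAINS)), re.IGNORECASE)

def text_columns(conn):
    """Yield (table, column) for every text-typed column in the database."""
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        for _cid, col, ctype, *_ in conn.execute(f'PRAGMA table_info("{table}")'):
            if any(t in ctype.upper() for t in ("CHAR", "TEXT", "CLOB")):
                yield table, col

def clean_database(conn):
    """Strip injected tags from all text columns; return {(table, column): rows_fixed}."""
    report = {}
    # Identifiers come from the schema itself, never from request data.
    for table, col in list(text_columns(conn)):
        rows = conn.execute(
            f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" LIKE ?', ("%<script%",)).fetchall()
        for rowid, value in rows:
            cleaned = INJECTED_TAG.sub("", value)
            if cleaned != value:
                # Values are bound as parameters, never concatenated into the SQL text.
                conn.execute(f'UPDATE "{table}" SET "{col}" = ? WHERE rowid = ?', (cleaned, rowid))
                report[(table, col)] = report.get((table, col), 0) + 1
    conn.commit()
    return report

def build_sample_db():
    """Constructed sample data: two tables, some rows carrying an injected tag."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE posts (id INTEGER PRIMARY KEY, title VARCHAR(80), body TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, nick VARCHAR(40), age INTEGER);
    """)
    bad = '<script src="http://www.nihaorr1.com/placeholder.js"></script>'  # constructed
    conn.executemany("INSERT INTO posts (title, body) VALUES (?, ?)", [
        ("Hello" + bad, "First post" + bad),
        ("Clean", 'Uses <script src="/static/app.js"></script> legitimately')])
    conn.execute("INSERT INTO users (nick, age) VALUES (?, ?)", ("alice" + bad.upper(), 30))
    return conn

if __name__ == "__main__":
    print(clean_database(build_sample_db()))
```

The site's own script tags are left alone because only tags whose source is one of the listed domains match; cleaning the rows does not close the hole, so the application still has to be fixed as the article says.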

About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.


About SecurityProNews
SecurityProNews is updated in real time with vital internet security alerts, news and in-depth articles for IT Managers. SecurityProNews understands that IT Management Begins With Security.



© 2008 SecurityProNews. An email newsletter.
SecurityProNews is part of the iEntry Inc. Network of sites and newsletters.

