Microsoft IIS Under SQL Injection Cyber Attack

By: Bill Waters
Published: Apr 27, 2008
Updated: Mar 19, 2010

Over 500,000 Microsoft IIS Web servers are infected less than a day by a flood of SQL injections, leaving pages with malicious iFrames.

According to Panda Security, the number of infected IIS servers reached 282,000, and security firm F-Secure said the number has risen to 500,000 less than a day later.

A flood of SQL injection attacks on Microsoft Internet Information Servers are leaving Web pages with malicious iFrames in them, and Panda Security is urging network managers to make sure their Web pages haven't been infected.

Microsoft IIS administrators can check to see whether their Web pages are infected with the iFrame code by looking for a specific code string in the source code of the Web page associated to an iFrame tag. The string should be eliminated immediately as it adds new malicious code.

Experts say the vulnerability is due in part by poorly-written SQL code that does not properly examine user input from a Web page form.

The exact vulnerability has not been identified, although suspicions center on an April 17 Microsoft Security Advisory (951306) for which there is not yet a defined patch or other fixes.

Malicious iFrame attacks have seen widespread growth over the past several months. Attackers embed the iFrame code in Web pages to redirect victims to sites for purposes of fraud.