Wednesday, June 04, 2008

Wal-Mart Website Hit By SQL-Injected Flash Hole

John E. Dunn writes on Techworld.com:

Wal-Mart's admins have come in to work to find .swf Flash files on their website being used to help serve malware. The famously upstanding Sam Walton would not be amused.

According to researchers, Wal-Mart’s website has fallen to an SQL injection attack that exploits a vulnerability in versions of the browser Flash player plug-in, possibly including the latest update of April 9.0.124.0. Unpatched visitors could find themselves redirected to a maze of cross-referenced criminal domains and hit with a variety of malware as a result.

More here.

Note: This is a double-whammy for two reasons -- the massive number of websites that have been injected with these malicious Flash exploits, and the fact that Microsoft just released the Windows XP SP3 update which automagically reverts installed Flash players to a previously vulnerable version.

Also, the folks over at SecureWorks have a great technical analysis on these exploits on their blog here. -ferg
