BEIJING, April 28 (Xinhuanet) -- Microsoft Corp. denied the recent incident, in which more than half a million websites were hacked, was caused by vulnerabilities in its Web and SQL Server software, according to U.S. media reports Monday.
Bill Sisk, a communications manager at Microsoft's Security Response Center, said in the group's blog, "Our investigation has shown that there are no new or unknown vulnerabilities being exploited. This wave is not a result of a vulnerability in Internet Information Services or Microsoft SQL Server."
Sisk's statement is response to the speculations that attacks were related to vulnerabilities in the company's Web and SQL Server software.
Earlier last week, more than 500,000 websites, including several hosted by the United Nations and the UK government, were hacked and modified in order to download malware (malicious software) to visitors' computers, according to Finnish anti-virus maker F-Secure, which caused numerous governmental and commercial Web pages were shut down.
Security researchers said those websites were hacked by SQL injection attacks.
All it takes for a user's computer to become infected is a visit to a compromised site. While viewing that site, the injected Javascript loads a file named 1,js. The file is located on a malicious server, which then attempts to execute eight different exploits targeting Microsoft applications.
Sisk urged Web site developers to follow Microsoft's guidelines to protect their domains from SQL injection attacks.
A solution to this problem is to use of Firefox instead of Internet Explorer. Firefox features an add-on called "noscript," which doesn’t allow Javascript exploits to run automatically when a hacked site is visited.
No comments:
Post a Comment