Walmart Hit By The Most Recent SQL Injections
Walmart.com has been hit by the latest in a series of SQL injections that serves up malware via javascript. framedart.walmart.com seems to have been injected with a malicious URL that automatically downloads malware to an unsuspecting visitor's computer. When you search framedart.walmart.com, every description area will have a pointer to hxxP://www.sys****.com/b.js (detected as Exploit.HTML.Iframe.FileDownload), which is a malicious script with an iframe pointing to hxxp://en-****.com/cgi-bin/index.cgi?ad . This points to 2 swf (flash) files that take advantage of the latest Flash Player exploit. advert.swf and banner.swf are detected as exploit.flash or exploit.swf and in turn download more malware to the user's machine.
Lavasoft Research Blog
http://www.lavasoftusa.com/support/securitycenter/blog/
SQL injection & Flash Player exploits on Wal-Mart's site
- The Masked Marauder
- Emeritus Contributor
- Posts: 131
- Joined: Sat Apr 08, 2006 5:21 pm
- Location: Raleigh, NC