The sites effected by the last SQL injection wave haven't recovered until it's time for the next attack of SQL injections

Once again it looks like it's older version of phpbb that got injected by JS_SMALL.QT (discovered by Advanced Threats Research Program Manager Ivan Macalintal). Unfortunately if you're going to use phpBB you have to make sure you upgrade after they've released yet another security fix (which they tend to to often sometimes ).

Visitors to a compromised site got redirected a couple of times to other sites and then will see a popup asking to install an ActiveX Object.

When the ActiveX Object gets installed these trojans also gets installed on the victims computer:

• TROJ_DNSCHANG.CS
• TROJ_ALUREON.AE
• TROJ_ALUREON.AH
• TROJ_ALUREON.AI

According to Trend Micro these trojans are evil:

These types of Trojans are known for changing an affected system’s local DNS and Internet browser settings, thus making the system vulnerable for even more potential threats.

Read more at Trend Micro.

You may also be interested in...
Antivirus for your Wordpress blog
Watch out for weird code in your pages
Expect more SQL injections

This entry was posted on Sunday, May 11th, 2008 at 3:24 pm and is filed under Antivirus & Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.