Xavier Media®

The sites effected by the last SQL injection wave haven't recovered until it's time for the next attack of SQL injections

Once again it looks like it's older version of phpbb that got injected by JS_SMALL.QT (discovered by Advanced Threats Research Program Manager Ivan Macalintal). Unfortunately if you're going to use phpBB you have to make sure you upgrade after they've released yet another security fix (which they tend to to often sometimes ).

Visitors to a compromised site got redirected a couple of times to other sites and then will see a popup asking to install an ActiveX Object.

When the ActiveX Object gets installed these trojans also gets installed on the victims computer:

• TROJ_DNSCHANG.CS
• TROJ_ALUREON.AE
• TROJ_ALUREON.AH
• TROJ_ALUREON.AI

According to Trend Micro these trojans are evil:

These types of Trojans are known for changing an affected system’s local DNS and Internet browser settings, thus making the system vulnerable for even more potential threats.

Read more at Trend Micro.

About the author
Andreas co-founded Xavier Media® in 1996 and has since been involved in all kinds of development, marketing and making money online.