Silent Love China attack hits 9,000 Western websites
A new round of SQL injection attacks that are believed to have been launched from China have compromised more than 9,000 Western websites.
The large-scale attacks only began on Saturday, but by Monday morning more than 7,000 websites had been affected, according to security firm ScanSafe.
A Google search conducted at the time of publication reveals that more than 9,000 sites have now been hit.
The attacks inject an iframe which loads malicious content from qiqigm.com, a domain that was only registered last Friday, a day before the attacks were first recorded.
RealPlayer and Internet Explorer vulnerabilities are targeted by the attacks which, if successful, lead to the installation of a password-stealing Trojan. The phrase “Silent love China” is also buried in the exploit code.
ScanSafe’s senior security researcher, Mary Landesman, says the attacks are targeted at English-language websites, with Chinese government websites specifically excluded.