The SQL Injection worm, which attacks databases, has affected about 4,000 sites, according to The Internet Storm Center.
The assault adds invisible code to a site that can force visitors to download malware onto their PC. Bad PR, to say the least.
IMPORTANT: DO NOT visit the domain named in the following test, or any sites that show up on a Web search as having this domain listed in their pages’ code (including cached pages). Doing so could infect your PC with malware.
To see if your site has been hit, run the following Google search: “site:your company domain (ex. pcworld.com) winzipices.cn.”
Or search for that domain within your Web site HTML code. If you find anything, let your IT know immediately. When I ran a search just now I saw sites for everything from insurance companies to cemeteries to universities that all appear to have been infected.
The ISC doesn’t yet know just what vulnerability is targeted. The attack highlights the importance of keeping your site secure, something I wrote about last month. It’s likewise critical to keep your own PC software up-to-date, as the ISC says visitors to infected sites can be hit via a known flaw in old Real Player software.
For more details, see the ISC post or a more detailed writeup from shadowserver.org.