More than 100,000 websites — including newspapers, police departments and other large institutions — have been poisoned by attacks from a Chinese IP address. These attacks spotlight major security flaws on websites that are not properly tested for simple coding errors.
Robint.us has since been disabled.
Thankfully, web developers and testers can easily identify and fix SQL vulnerabilities with proper coding.
For example, integration testing is an effective way to check for SQL problems. After developing a web application, don’t just run it as a specific unit; instead, integrate it into your site and then test for coding flaws. To read more, check out this post by The Register.
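The following added example (not code from the original article) shows the kind of integration check described above: the lookup is run against a real database, not a mocked one, with ordinary and quote-bearing input. It assumes "SQL problems" means user input reaching the query text; the schema, rows, and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample schema and rows for the test database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, section TEXT, title TEXT)")
    db.executemany("INSERT INTO articles (section, title) VALUES (?, ?)",
                   [("news", "Council vote"), ("news", "Road works"), ("sport", "Cup final")])
    return db

def titles_concat(db, section):
    # Weak form: input is pasted into the SQL text, so a quote changes the statement.
    sql = "SELECT title FROM articles WHERE section = '" + section + "' ORDER BY id"
    return [r[0] for r in db.execute(sql)]

def titles_param(db, section):
    # Corrected form: input is bound as data and never parsed as SQL.
    return [r[0] for r in db.execute(
        "SELECT title FROM articles WHERE section = ? ORDER BY id", (section,))]

def integration_check(lookup):
    """Run a lookup against a real database with ordinary and quote-bearing input.
    Returns a list of findings; an empty list means all input was treated as data."""
    db = make_db()
    findings = []
    if lookup(db, "news") != ["Council vote", "Road works"]:
        findings.append("normal input returned wrong rows")
    for probe in ["O'Brien", "x' OR '1'='1"]:
        try:
            rows = lookup(db, probe)
        except sqlite3.Error as exc:
            findings.append(f"{probe!r}: SQL error ({exc.__class__.__name__})")
            continue
        if rows:  # no section has this name, so any row means input altered the query
            findings.append(f"{probe!r}: returned {len(rows)} unexpected row(s)")
    return findings

if __name__ == "__main__":
    for name, fn in [("concatenated", titles_concat), ("parameterized", titles_param)]:
        print(name, integration_check(fn) or "no findings")
```

A unit test that only passes `"news"` to either function succeeds, which is why the check has to include input containing quotes and run against the real database layer.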
Sophos, the cyber security company, has identified the malware as Mal/Behav-290.