Urgent DNS-BH Update: SQL Injection Worm
The following domains are now active:
winzipices [dot] cn
cnzz [dot] com
51 [dot] la
ajiang [dot]
So what can be done to fight this iframe epidemic??
Urgent New Domain: jueduizuan [dot] com
From SANS Internet Storm Center:
UPDATE: We’re also see this website serving up some attacks in connection with this SQL Worm (hxxp://bbs.jueduizuan.com)
Iframes are evil.
- There needs to be an option on web servers to explicitly allow external iframes to be served.
- The list needs to be manually added to an apache/IIS/other web server config file.
- Web browsers need to have serving of external iframes disabled by default, with the user being required to explicitly allow them