TheUS Computer Emergency Readiness Team(US-Cert) has warned of widespreadSQL
injectionattacks that are compromising
websites.
The
attacks are targeting websites across all sectors, said
US-Cert. The compromised sites have been modified to include a
malicious JavaScript file.
When a user unknowingly visits a compromised site, they are
re-directed to a series of malicious web pages that attempt to
exploit multiple client-side vulnerabilities in a number of
applications, including Internet Explorer and RealPlayer.
To mitigate the risk, US-Cert is urging users and administrators
to update RealPlayer, if they have it, to the latest version, and
to disable ActiveX controls in their browsers.