One of my early Hackademix posts was about SQL injection vulnerabilities exploited to deface the United Nations main web site. In a later update I explained how, rather than fixing their holes properly, the U.N. technicians deployed a pretty useless Web Application Firewall, masking the most obvious attack surface but keeping their sites just as vulnerable as before.
These exploits leverage a Microsoft Internet Explorer 7 vulnerability patched last year (bad guys seem not to trust Windows Update effectiveness), â€œas well as [bugs in] other applicationsâ€. Well, since modern browsers embed a lot of "other applications" which are usually quite vulnerable, maybe a good idea (actually the only sane idea, other than reverting to Lynx) is switching to a safe web browser and -- shameless plug(in) -- making it even safer by preemptively blocking execution of malicious scripts and embedded content. On a side note, Opera's web site preferences couldn't help in cases like these, when the compromised site is probably among the ones you trust, allowed to run scripts; NoScript, instead, still blocks the external malicious code even if the main page is in your whitelist.
As previously explained by SANS, the
The default search pattern of this tool is
: in English, "those web pages developed with Microsoft Active Server Pages technology and accepting query string parameters". Unsurprisingly, this profile matches the original, still unpatched U.N. SQL injection; as I already said reporting the first accident, I believe crackers primarily target ASP sites (even though they are relatively few nowadays) because of the poor coding standards often shown by ASP coders, who usually have a Visual Basic desktop programming background and are less aware of web application security.
At any rate, some simple googling reveals that some U.N. sites are still infected, while UK Government sites have been "cleaned up".
The sad truth, though, is that even those "clean" sites are still vulnerable, hence they could be reinfected at any time: some people just never learn...