New Mesh Injection Attack: 30,000 Websites already Hit?
Jun 16, 2011, 22:07 (0 Talkback[s])
"With SQL injection, an attacker exploits some kind of SQL flaw
in order to inject code. With mass meshing, Huang said the attacker
is in complete control of a website.
"So we believe this injection is not SQL but rather is done
through control of infected sites using an automated FTP program,"
"Huang suspects that the attackers have somehow gained access to
site login credentials, which are then used by the FTP program to
access the site and inject the mass meshing script."