Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Wednesday, April 6, 2011

Cisco calls out Websense on Lizamoon attack

If you've been following the malware news this past week, you've probably noticed an article or two on Websense's report regarding a new malware attack based on SQL injection, which they dubbed 'Lizamoon'. As the news progressed, so did their numbers on how many sites were affected. By their own count, they claimed as many as 1.5 million websites were compromised, and other news outlets even claimed 4 million sites were compromised.

But yesterday Websense updated their website, and claimed the numbers may have been inflated a little bit, and in reality there were probably only 500,000 sites infected.

Cisco, specifically their ScanSafe division, took offense at even that number and reported that likely not even 1,000 sites were infected.

From a Threatpost article on the issue:

Landesman said Cisco had identified only 1,154 unique compromised Websites between September, 2010 and March 2011 that were associated with the mass SQL injection attacks. Even within those domains, the individual or group behind the SQL injection attacks is throttling the distribution of attack code, meaning just a fraction of all potentially malicious encounters actually deliver malicious code. Landesman said the "live encounter rate" is around 0.15%, according to Cisco data.

Cisco has had only a handful of detections, she said. Other firms, also, said they were seeing only low numbers of compromises related to Lizamoon. Kaspersky Lab reports just four detections from domains associated with the Lizamoon SQL injection attacks. Websense did not respond immediately to a request for comment.

Cisco said it is providing a signature for the Lizamoon SQL injection attack because of "intense media attention," but considers the danger of infection from the attack to be extremely low.


So while we see alarming news, it's always a good thing to check the facts before you start to worry.
