Nimda did not use SQL injection as any sort of primary vector. SQL injection attacks have been around forever, but botnet/worm SQL injection attacks have really taken off pretty recently. It has gotten so bad that even Microsoft recently released a security advisory article that doesn't deal with a major flaw in its own software. That's rare ;)
http://www.microsoft.com/technet/security/advisory/954462.mspx --- On Sat, 8/9/08, Jochem van Dieten <[EMAIL PROTECTED]> wrote: > From: Jochem van Dieten <[EMAIL PROTECTED]> > Subject: Re: SQL injection attack on House of Fusion > To: "CF-Talk" <[email protected]> > Date: Saturday, August 9, 2008, 6:24 AM > Terry Ford wrote: > > Pretty ingenious really, infecting websites via > injection attack in order to infect clients with browser > vulnerabilities. > > In 2001 it was: > http://www.cert.org/advisories/CA-2001-26.html Now it is > just business as usual. > > Jochem > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310615 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
