1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP SQL Injection Bot Activity

HTTP SQL Injection Bot Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to launch a SQL injection attack originating from your computer. This is may be due to a bot, such as Trojan.Asprox, on your computer.

Additional Information

Due to a SQL injection attack, a VBS script attempts to exploit an MDAC ActiveX code execution exploit.

Affected

  • Windows 98
  • Windows 95
  • Windows XP
  • Windows Me
  • Windows NT
  • Windows 2000

Response

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode or VGA mode.
4. Run a full system scan and delete all the files detected as Trojan.Vundo.
5. Reverse the changes made to the registry.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube