Supermarket giant Wal-Mart’s website has fallen to an SQL injection attack that exploits a vulnerability in versions of the browser Flash player plug-in, possibly including the latest update of April 220.127.116.11.
Unpatched visitors could find themselves redirected to a maze of cross-referenced criminal domains and hit with a variety of malware as a result.
“Besides Wal-Mart succumbing to the attacks, the really interesting aspect of this particular wave is the sheer number of malware domains involved,” said Mary Landesman of Scansafe, which first noticed Wal-Mart’s problem pages.
“In previous attacks, the malicious src reference pointed to an exploit page on a malware domain which in turn foisted password stealing malware from that same domain. In this round of attacks, the malicious src reference points to a malware domain that in turn points to a different malware domain,” she said.
Some confusion reigns as to which vulnerability is being exploited in the new website hack. It might be related to a flaw reported last week by Symantec as being a problem, said later by Adobe to have been patched in the latest Flash plug-in version.
Want isn’t in doubt is that Adobe’s Flash is offering a way into some websites for attackers. A known cross-site scripting attack is another possible culprit.
Compromised websites have become a successful channel for distributing malware because users don’t expect to be hit when visiting legitimate websites. The applications exploited vary from attack to attack.