Walmart Hit By The Most Recent SQL Injections

by Dave2 on June 2nd, 2008 in Security Alert.

Walmart.com has been hit by the latest in a series of SQL injections that serve up malware via JavaScript. Framedart.walmart.com seems to have been injected with a malicious URL that automatically downloads malware to an unsuspecting visitor's computer. Every description area returned when you search framedart.walmart.com contains a pointer to hXXP://www.sys****.com/b.js (detected as Exploit.HTML.Iframe.FileDownload), a malicious script with an iframe pointing to hXXp://en-****.com/cgi-bin/index.cgi?ad. That page in turn points to two SWF (Flash) files that take advantage of the latest Flash Player exploit. Advert.swf and banner.swf are detected as exploit.flash or exploit.swf and in turn download more malware to the user's machine.
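The symptom described above, a script pointer appended to every description field, can be checked for on the defender's side. The following is an added example, not part of the original post: it scans stored description text for script or iframe tags whose src points off-site. The allowlisted hosts, the sample rows and the `injected.example` host are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Hosts the site legitimately loads scripts/frames from (assumed allowlist).
ALLOWED_HOSTS = {"shop.example", "static.shop.example"}

# <script ... src=...> or <iframe ... src=...>, with quoted or unquoted value.
TAG_SRC = re.compile(
    r'''<\s*(script|iframe)\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))''',
    re.IGNORECASE,
)

def foreign_sources(text, allowed=ALLOWED_HOSTS):
    """Return (tag, url) pairs whose src host is not on the allowlist."""
    hits = []
    for m in TAG_SRC.finditer(text):
        tag = m.group(1).lower()
        url = m.group(2) or m.group(3) or m.group(4) or ""
        try:
            # urlparse also resolves protocol-relative URLs (//host/x.js).
            host = urlparse(url).hostname
        except ValueError:
            hits.append((tag, url))  # unparseable src: report it for review
            continue
        # Relative URLs have no host and stay on the site's own origin.
        if host and host not in allowed:
            hits.append((tag, url))
    return hits

def scan_rows(rows, allowed=ALLOWED_HOSTS):
    """rows: iterable of (row_id, description). Returns {row_id: hits}."""
    report = {}
    for row_id, description in rows:
        hits = foreign_sources(description, allowed)
        if hits:
            report[row_id] = hits
    return report

# Constructed sample rows; hosts are placeholders, not the ones in the post.
SAMPLE_ROWS = [
    (1, "Framed print, 16x20, black frame."),
    (2, 'Canvas art<script src="http://injected.example/b.js"></script>'),
    (3, "Poster <SCRIPT SRC=//injected.example/b.js></SCRIPT>"),
    (4, 'Frame <script src="https://static.shop.example/zoom.js"></script>'),
    (5, 'Wall art <script src="/js/local.js"></script>'),
]

if __name__ == "__main__":
    for row_id, hits in scan_rows(SAMPLE_ROWS).items():
        print(row_id, hits)
```

Run against an export of the affected table, many rows reporting the same off-site URL is the pattern this post describes.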

Our Research team has attempted to contact Walmart.com's admin to notify them of this issue. While we haven't yet received a reply from Walmart reps as to whether they're aware of the exploit, we will be keeping an eye on this and will update when it has been cleared up and framedart.walmart.com is safe to surf again.

Until then, make sure you have the latest version of software installed on your computer. There are hundreds of thousands of sites that have been injected in the same way as this one, and your best bet for not becoming infected is to stay updated.

I did some digging and did not see any other walmart.com pages that have been exploited, but that certainly does not mean there aren't any or that there won't be any.