Nearly 20,000 websites have been attacked by unknown hackers using a technique known as SQL injection. The hackers have inserted code to install malware onto visitors' computers. The code exploits a newly discovered weakness in Adobe Flash Player, a very common web-browser plugin. The attacks prompted an investigation by the Taiwanese information security industry into their source.
SQL injection is a common method employed by hackers to attack and deface websites. Such attacks arise from mistakes in checking user input: hackers take advantage of these weaknesses to inject information of their choosing into the website. For example, in June of 2007, Microsoft UK found its webpage changed to a picture of the Saudi Arabia flag, an attack which was carried out using an SQL injection.
According to SecurityFocus, the vulnerability affects versions 220.127.116.11 and 18.104.22.168 of Flash Player. It allows hackers to load any code they wish onto a computer running these versions of Flash.
As the vulnerability in Flash is newly discovered, Adobe has not yet released a new version which fixes the problem. For the time being, computer security experts recommend that internet users disable the Flash plug-in on Mozilla Firefox or Internet Explorer to prevent hackers from gaining control over their computers.