Shall I compare thee to an SQL Injection?

“Shall I compare thee to an SQL Injection?
Thou art more common and more widespread:
Rough winds do shake the World Wide Web,”

Apologies to the bard.

Over the last couple of days, WS1000 customers, primarily in the K-12 market, have been reporting infections on a poem repository based in Turkey. The site seems to hold the works of several popular poets:

  • Pablo Neruda
  • Charles Bukowski
  • Edgar Allan Poe
  • Emily Dickinson
  • William Shakespeare
  • William Blake
  • William Butler Yeats
  • Rudyard Kipling
  • Octavio Paz


The site is infected with Mal/Badsrc-C and will attempt, eventually, to infect victims with a downloader Trojan we proactively block as Mal/TinyDL-T. SophosLabs is in the process of contacting the site owner and will update this blog in the near future.

You can read more about SQL Injections and how to avoid them on the Sophos web site.