I can't put all the pieces together, but there's a malicious scheme afoot involving SQL insertion attempts and search engine optimization, I think. Seeing logs with an insertion attempt for 0x31303235343830303536 (or 1025480056), I googled the translated value. There are a ton of hits on 1025480056 which include the SQL insertion attack in the link that Google presents. Is this a magic number for Oracle, mysql or MS SQL? Clearly evil, I'm not sure why, though.
Have you seen this before? Do you have any idea what it is? if so, please leave your comments.
Christopher Carboni - Handler On Duty
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.