Web applications have long been targeted wherever injection flaws could be exploited, and one automated bot has now stepped up its injection attacks.
In November 2007, the SANS ISC noted some instances of what appeared to be automated attacks against websites, where SQL injection served as the attack vector. The attack primarily targeted sites running on Microsoft IIS, with SQL Server operating on the back end.
ISC's Bojan Zdrnja wrote at ISC Incidents about the return of the automated SQL injection attacker, on a wider scale. It appears thousands of sites have been compromised by the attacker.
According to Ryan Barnett at ModSecurity, the attack is similar to the one that affected the Dolphin Stadium website before the last Super Bowl. Upwards of 70,000 websites have been compromised by this newest attack, which SANS blames on poorly secured web applications.
Barnett said the attack tries to inject malicious JavaScript into all the varchar and text fields of the database. The JavaScript then attempts to infect website visitors by exploiting unpatched browser vulnerabilities, likely to drop malware onto the system.
Web applications that aren't validating input due to poor coding by their programmers put the site and its visitors at risk. Zdrnja thinks that the people behind the attack will expand their bot to target sites using PHP and MySQL, another popular combination for web applications online.
Barnett suggested using Apache as a reverse proxy server as a front end to the application server. With ModSecurity and its Core Rules in place on the reverse proxy, Barnett said the SQL injection attack as documented would not have succeeded.
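Because the attack described above writes JavaScript into every varchar and text column it can reach, a site owner's first triage step after the fact is to find which tables and rows were touched. The scanner below is an added example, not code from the article or from ModSecurity; it uses a constructed in-memory SQLite database (Python's sqlite3 module) in place of the SQL Server back end the article describes, and the sample rows, table names and the example.invalid host are all made up for the demonstration.

```python
"""Scan every text-typed column of a database for injected <script> tags."""
import re
import sqlite3

# Matches an opening <script ...> tag regardless of case or inner whitespace.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)

# Declared column types treated as free text (SQLite type affinity is loose,
# so we match on the declared type name rather than on stored values alone).
TEXT_TYPES = ("CHAR", "TEXT", "CLOB")


def text_columns(conn, table):
    """Return the names of columns whose declared type is a text type."""
    cols = conn.execute('PRAGMA table_info("%s")' % table).fetchall()
    # PRAGMA table_info rows: (cid, name, type, notnull, dflt_value, pk)
    return [name for _, name, ctype, *_ in cols
            if any(t in (ctype or "").upper() for t in TEXT_TYPES)]


def find_injected_script(conn):
    """Return (table, rowid, column) for each text cell holding a <script tag."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        for col in text_columns(conn, table):
            # Only identifiers are interpolated (quoted); cell values are never
            # placed into SQL text, so the scan is not itself an injection point.
            rows = conn.execute(
                'SELECT rowid, "%s" FROM "%s" WHERE "%s" IS NOT NULL'
                % (col, table, col))
            for rowid, value in rows:
                if isinstance(value, str) and SCRIPT_TAG.search(value):
                    hits.append((table, rowid, col))
    return hits


def build_sample_db():
    """Constructed sample data: two tables, one tampered row in each."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name VARCHAR(100),
                               descr TEXT, price REAL);
        CREATE TABLE news (id INTEGER PRIMARY KEY, title VARCHAR(200), body TEXT);
        INSERT INTO products VALUES (1, 'Widget', 'A fine widget', 9.99);
        INSERT INTO products VALUES (2, 'Gadget<script src="http://example.invalid/x.js"></script>', 'Gadget', 19.99);
        INSERT INTO news VALUES (1, 'Welcome', 'Hello<SCRIPT>alert(1)</SCRIPT>');
    """)
    return conn
```

Run `find_injected_script(build_sample_db())` to list the tampered cells; the same walk over INFORMATION_SCHEMA would locate affected rows on the SQL Server and MySQL back ends the article names, but the cleanup itself still has to go hand in hand with fixing the unvalidated input that let the bot in.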
About the Author: David Utter is a business and technology writer for SecurityProNews and WebProNews.