Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Protection advice against latest SQL injection attack

Imperva : 28 August, 2009  (Technical Article)
Chinese mass SQL injection attack results in drive-by downloads targeting innocent users of infected sites warns Imperva
Imperva has said the mass SQL injection attack infecting hundreds of thousands of web sites show some unique characteristics, as all the attacks stem from China.

"We have been tracking this specific attack for the past 4 weeks and all the IP addresses that the automated attacks have come from are based in China. This is something unique, as usually attacks of this nature come from infected BOT PCs based all over the world rather than in one country. The SQL injection attack vector us in the attack is by itself quite standard and has been in common usage for the past 18 months. Any descent Web Application Firewall should be able to detect it" said Amichai Shulman, Imperva's chief technology officer.

The Imperva CTO continued: "We are seeing a constant flow of attacks aimed at drive-by-download. Just in the past two month we have seen 3 different strands of such attack campaigns. In this latest wave we have recorded the attack coming from more than 60 servers based in China attacking sites around the world, rather than the global network typically seen in such attacks. Interestingly enough, 4 weeks into this attack campaign the malware distribution servers are still up and running.

The attack targets innocent visitors of the sites that have been hit, as it injects malicious IFRAME into these sites. Thus visitors are unknowingly downloading malware from China based servers while visiting such an infected site. Once infected by this malware, a user's computer becomes a Zombie in a Botnet that will later be used to distribute spam, participate in coordinated DDoS attacks or simply by used for extracting personal access credentials to other sites.

The Imperva CTO said that this type of SQL injection is one of the top five most popular attacks used by malicious hackers today and Enterprises should take appropriate external (web application firewall) and internal (code changes) to prevent their web servers becoming a source for distributing malware for cyber criminals.

Advice for enterprises:

* use application firewalls to protect themselves from infection
* use scanners and other tools to find and remove vulnerabilities in their website code
* ensure all application patches are implemented

Advice for individuals:

* ensure all browser updates are implemented immediately
* use the best technology to protect web browsing based on behavioural real-time technology
* implement all security signatures as soon as they are available

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo