Thursday, October 27, 2011

Powerful, simple new mass SQL injection attack opens 180K sites

October 24, 2011, 4:16 PM — A new, prepackaged set of SQL injection techniques are circling the Internet, injecting malicious JavaScript into sites that run on ASP.NET with code that allows attackers to open a door on the sites and slip in malware or other exploits that they can use to take over or sabotage the site.

According to Alex Rothacker, director of security research for Application Security, Inc.'s Team Shatter, which lists SQL injections with data-base access components the No. 2 security risk.

So far, 180,000 sites have had been penetrated by the new attack, which differs from existing SQL injections like the ones that cracked Sony 17 or 18 times because it attacks not one site at a time, but dozens.

Once they're cracked, the infected sites start serving copies of the malware to their visitors, extending the attack even further.

The attacks started Oct. 9, according to web security provider Armorize, which also found only six of 43 virus detectors can pick up the malicious code.

The attack injects malicious JavaScript code into ASP.NET sites that store HTML content in SQL Server databases – content that acts as a cache to make subsequent visits to that page far quicker because the main page is coming out of a local database rather than through the Internet, according to Rothacker, whose analysis ran in HelpNet Security

When a visitor hits the site, the pages link the browser to a site called, which runs a script that infects it with botnet-control code that gives the botnet owner control to run code or make changes on the newly zombified machine.

Read more: ITWorld
QR: powerful-simple-new-mass-sql-injection-attack-opens-180k-sites

Posted via email from Jasper-Net