January 5, 2012 By Dancho Danchev

Mass SQL injection attack affects over 200,000 URLs

by Dancho Danchev

Security researchers from the Internet Storm Center, have intercepted a currently ongoing SQL injection attack, that has already affected over 200,000 URLs.

The attack was originally detected in early December, 2011. It currently affects ASP sites and Coldfusion, as well as all versions of MSSQL.

Users that are successfully redirected are exposed to either a fake Adobe Flash page requesting that they update their player, or scareware also known as fake security software.

How are malicious attackers successfully SQL injecting legitimate web sites? There are several approaches in their arsenal. For instance, they often use a search engine’s index in order for them to detect vulnerable web sites, using DIY SQL injecting tools. The second approach relies on botnets actively crawling inside a search engine’s index, once again looking for vulnerable and susceptible to SQL injections web sites.

The most recent massive SQL injection attack affected over a million web sites during October, 2011. The attack was directly connected with the Lizamoon mass SQL injection attacks.

There’s no way for you to spot whether a site has been compromised, unless you use Search to look up a particular site for the malicious URL in question, before visiting it. This is where Firefox’s NoScript comes into play, preventing the successful loading of the malicious script upon visiting the compromised web site. So use Firefox’s NoScript extension to prevent SQL injection attacks, as well as numerous other web-based threats.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Share Button

Trackbacks

  1. […] same goes for mass SQL injection attacks, which according to Cisco Systems showed a fairly steady growth rate  throughout 4Q11. Mass SQL […]

true