Relentless Web Attack Hard To Kill

ancientribe writes "The thousands of Web sites infected by a new widespread SQL injection attack during the past few days aren't necessarily in the clear after they remove the malicious code from their sites. Researchers from Kaspersky Lab have witnessed the attackers quickly reinfecting those same sites all over again. Meanwhile, researchers at SecureWorks have infiltrated the Chinese underground in an attempt to procure a copy of the stealthy new automated tool being used in the attacks."

noscript

[Manfre]

NoScript is one of the best ways to avoid viruses that are distributed from the web.

Re:noscript

[Manfre]

I've been developing with ASP.NET (c#) since its initial beta and am very familiar with how it functions. This discussion would go a bit smoother if you would read a comment before replying to it. Noscript prevents javascript from loading on any site, until the site is explicitly given permission by the user. Approve your CRM domain(s), which will allow it to work properly. Then if it is compromised, noscript will block the javascript on the destination domain. If your server is compromised to the point where it is hosting exploits, then the IT staff needs to spend a bit more effort patching and locking things down. Noscript is not the only protection that should be used, but it greatly helps. It's like driving a car a little bit slower. You've still got a seatbelt to help keep you alive, but you should be less likely to hit something.

Re:Kaspersky

[mfh]

Kaspersky is so brilliant, it locks up every time I try to do anything with it.

Then again, my AVG hasn't updated properly all week...

You're not supposed to run them at the same time. They fight for control and eventually stalemate. Uninstall AVG and reinstall Kaspersky, but by now you may have damaged your system configuration. Kaspersky is pretty brutal if it gets unhinged, but it's unstoppable if you get it configured correctly.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:This disgusts me

[NNKK]

You're right, you're no programmer. Go read up:

http://en.wikipedia.org/wiki/SQL_injection

Prepared (or parametrized) statements are an easy and absolute defense against SQL injection attacks. The OP is right, the fact that such attacks still succeed is disgusting and inexcusable.

No, it's not.

[Bearhouse]

Your're right to publicise a good product that I also use and reccommend. However:

Most people that get caught by malware don't understand all these arcane details.

Most people use IE, (no noscript here..) and blindly click 'OK' when they cannot see the porn.

Bad web sites / pages don't just install viruses.*

Re:Install a proxy

[merreborn]

mod_security is a reactive security measure. It's blacklist based, which makes the classic error of attempting to "enumerate badness".

While it's great if you've identified an existing threat to an application you cannot properly secure, it does nothing to protect you against future attacks using less obvious techniques.

mod_security alone is not an adequate solution. It's still necessary to proactively write secure applications in the first place, which means making sure you're never allowing raw, unfiltered/unescaped user data into places where it shouldn't go.

Re:Kaspersky

[Fulcrum+of+Evil]

Are you insane? Write parameterized SQL for all your queries and this just won't happen - setting your name to ';-- drop table users;' will just result in funky display logic.