Slashdot Mirror

← Back to Stories (view on slashdot.org)

Relentless Web Attack Hard To Kill

Posted by kdawson on from the stay-dead-willya dept.

ancientribe writes "The thousands of Web sites infected by a new widespread SQL injection attack during the past few days aren't necessarily in the clear after they remove the malicious code from their sites. Researchers from Kaspersky Lab have witnessed the attackers quickly reinfecting those same sites all over again. Meanwhile, researchers at SecureWorks have infiltrated the Chinese underground in an attempt to procure a copy of the stealthy new automated tool being used in the attacks."

3 of 218 comments (clear)

  1. noscript by Manfre · · Score: 5, Informative

    NoScript is one of the best ways to avoid viruses that are distributed from the web.

  2. Re:Kaspersky by mfh · · Score: 4, Informative

    Kaspersky is so brilliant, it locks up every time I try to do anything with it.

    Then again, my AVG hasn't updated properly all week...

    You're not supposed to run them at the same time. They fight for control and eventually stalemate. Uninstall AVG and reinstall Kaspersky, but by now you may have damaged your system configuration. Kaspersky is pretty brutal if it gets unhinged, but it's unstoppable if you get it configured correctly.

    --
    The dangers of knowledge trigger emotional distress in human beings.
  3. Re:This disgusts me by NNKK · · Score: 4, Informative

    You're right, you're no programmer. Go read up:

    http://en.wikipedia.org/wiki/SQL_injection

    Prepared (or parametrized) statements are an easy and absolute defense against SQL injection attacks. The OP is right, the fact that such attacks still succeed is disgusting and inexcusable.