Slashdot Mirror


Relentless Web Attack Hard To Kill

ancientribe writes "The thousands of Web sites infected by a new widespread SQL injection attack during the past few days aren't necessarily in the clear after they remove the malicious code from their sites. Researchers from Kaspersky Lab have witnessed the attackers quickly reinfecting those same sites all over again. Meanwhile, researchers at SecureWorks have infiltrated the Chinese underground in an attempt to procure a copy of the stealthy new automated tool being used in the attacks."

5 of 218 comments

  1. Infected Websites by sexconker · Score: 3, Interesting

    Can someone explain to me how websites get infected?

    Oh, that's right, running ads and other shit from shady people (directly or indirectly).

    I really wish websites would simply stop hosting foreign (not theirs, not trusted, not checked) code and content.

  2. Install a proxy by gfilion · Score: 4, Interesting

    We had this problem a few months back at work. Old but necessary ASP web sites kept getting infected. It only took a few hours to install a reverse proxy with mod_security on EC2 and we were in the clear.

    Full story on my blog:
    http://guillaume.filion.org/blog/archives/2008/05/i_love_ec2_and_rightscale.php

  3. Big Picture by mfh · Score: 4, Interesting

    It's a bloody SQL injection attack. I'd like to see your virus checker automatically rewrite your web application to use input filtering.

    This is going to sound like a little bit of double speak but I'll remind you that Kaspersky found these attacks were happening. Also, they are studying the behavior. Furthermore, Kaspersky protects systems from nefarious things that attackers will do, regardless of how they get on the system. Nothing is perfect with Windows, but if you look at the options, Kaspersky is the best out there.

    Now of course, if you want to insist that the attacks happen whether Kaspersky is running or not, you will be correct. But what you're not saying is how LIMITED the attackers are when trying to get past Kaspersky after they get on a system.

    Noscript also helps, but isn't perfect either.

    --
    The dangers of knowledge trigger emotional distress in human beings.

  4. Re:Kaspersky by mordred99 · Score: 2, Interesting

    I take every syllable that comes out of Eugene Spafford's mouth with a pound of salt. I speak as a Purdue Graduate and Security Professional.

  5. Re:Kaspersky by vishbar · Score: 2, Interesting

    PHP is just as vulnerable to SQL injection as ASP... I think he was speaking in generic terms.

    The problem isn't in the scripting engine. The problem is bad code. You can put a bad developer in front of any system you want, and he'll still write bad code.

    --
    Ride the skies