All the latest UK technology news, reviews and analysis

Devastating SQL attack compromises 50,000 sites

by Phil Muncaster

More from this author

25 Aug 2009

Be the first to comment

  • Tweet this
Trojan horse
An SQL injection attack is delivering a 'potent Trojan cocktail' to unsuspecting users

A new SQL injection attack has already snared over 50,000 legitimate web sites, and threatens to cause havoc for innocent internet users, according to new research from ScanSafe.

The security-as-a-service firm said in a blog post that it first detected the problem on Friday.

Further reading

The attack exploits poor coding to insert a malicious iframe on the sites. When visited by a user, an infected site will begin to download what ScanSafe senior security researcher Mary Landesman described as "a potent Trojan cocktail consisting of backdoors, password stealers and a downloader".

The number of infected sites now stands at around 57,000, having jumped by around 9,000 in the past few days.

"These are smaller business sites which unfortunately don't have the aggressive support staff of their larger cousins but, when taken collectively, get very good traffic," she said.

Landesman advised firms to look for information on how to prevent such attacks on the web, where there are even scanning tools to help detect whether there are malicious iframes on a site.

"There is a great deal of information available to small web site operators. It's not something you need to hire expensive consultants to help with. If you've got moderate computer skills and can read and follow instructions, that should be enough, at least in terms of SQL injection attacks."

Microsoft's Developer Network has a useful article called Stop SQL Injection Attacks Before They Stop You.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

Google logo (Robert Scoble Flickr)

EPIC looks to block Google privacy policy change

Related white papers

Related articles

Related jobs

Today's top stories

Nokia Lumia 800 and 710

Nokia to axe a further 4,000 jobs as cost-cutting drive continues

RIM BlackBerry Curve 9380 and Bold 9790

RIM beats Apple and Android for apps, says RIM exec

VMware logo

VMware updates vCloud with Integration Manager

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

98%

0%

1%

0%

1%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

IT Support Engineer / Analyst ( EPOS, Linux,SQL ) Hertfordshire

Support Engineer / Analyst ( 1st & 2nd line, EPOS...

Accounting Business Analyst/ Systems Accountant Bank London

Accounting Business Analyst/Systems Accountant (Back...

FX Technical Implementation Consultant FX FOREX Trading London

FX Technical Implementation Consultant/Business Analyst...

Graduate IT Application Analyst Banking London

Graduate IT Application Analyst required by my banking...

To send to more than one email address, simply separate each address with a comma.