Automated SQL Injection Critically Compromises Websites

According to Rapid7, a provider of security solutions to business organizations, on May 13, 2008, several websites that came under SQL injection attack had their content modified, resulting in malware being installed on the computers of visitors to those sites. Security researchers at Rapid7 said that these websites were susceptible to SQL injection and were compromised with the use of an automated toolkit. Furthermore, by running a Google search for the malware-loaded server name, attackers could find out which sites had already been hacked. The attack using the "winzipices.cn" SQL injection targeted web applications based on Microsoft's SQL Server and IIS web server. It affected over 50,000 websites, including those of the US Department of Homeland Security, the United Nations, and the UK Government. The attack requires no user interaction and is made easy by Microsoft's SQL Server, which permits standard commands without the need for explicit table-level arguments. According to Rapid7 CTO Tas Giakouminakis, because the SQL injection attack is automated, it represents a serious security problem for organizations using Microsoft IIS. As soon as an attacker is able to reach the site's database through the injection, he could gain administrative privileges and launch an attack on the operating system that hosts the database, as reported by PRNewswire on May 13, 2008. Meanwhile, the researchers have said that the security issue stems from incorrect handling of data by the site's developers and not from any particular Microsoft bug. The attack inserts a malicious JavaScript program into every text field of the database. This JavaScript then appears on the site and downloads external code that can seize control of a user's computer.
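The two sides of the incident described above, as an added example that is not part of the original article or of Rapid7's work: a string-built query of the kind the automated attack abused beside its parameterized replacement, and a scan that walks every text column of a database for injected `<script>` tags so an operator knows which rows to restore from backup. It uses an in-memory SQLite database as a stand-in for SQL Server; the table, rows and malware host name are constructed placeholders.

```python
import re
import sqlite3

# Constructed sample rows: the second one carries an injected <script> tag of the
# kind the article describes. The host name is a placeholder, not the real one.
SAMPLE_ROWS = [
    ("Welcome", "Plain text body"),
    ("News", 'Latest update<script src="http://MALWARE-HOST.example/x.js"></script>'),
]
TEXT_TYPES = ("TEXT", "VARCHAR", "NVARCHAR", "CHAR")
SCRIPT_TAG = re.compile(r"<script\b[^>]*>", re.IGNORECASE)


def build_sample_db():
    """In-memory SQLite database standing in for the site's content tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO pages (title, body) VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def find_injected_rows(conn):
    """Scan every text column of every user table; return (table, column, rowid, snippet) hits."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        # PRAGMA table_info rows are (cid, name, type, notnull, dflt_value, pk)
        text_cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')
                     if (r[2] or "").upper() in TEXT_TYPES]
        for col in text_cols:
            for rowid, value in conn.execute(f'SELECT rowid, "{col}" FROM "{table}"'):
                if isinstance(value, str) and SCRIPT_TAG.search(value):
                    hits.append((table, col, rowid, value[:60]))
    return hits


def lookup_vulnerable(conn, page_id):
    """String-built query: request input becomes part of the SQL statement itself."""
    return conn.execute(f"SELECT title FROM pages WHERE id = {page_id}").fetchall()


def lookup_parameterized(conn, page_id):
    """Bound parameter: the request value stays data and can never be parsed as SQL."""
    return conn.execute("SELECT title FROM pages WHERE id = ?", (page_id,)).fetchall()
```

On a real SQL Server deployment the same walk would read table and column names from INFORMATION_SCHEMA.COLUMNS instead of sqlite_master and PRAGMA table_info.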
These flaws thus allow hackers to easily access customer data and corporate networks. And since the attack is automated, the number of exploits will keep increasing, resulting in more attacks on servers. Researchers are therefore advising site owners whose sites might have been affected to restore their databases from backup copies, review their code, and ensure proper sanitization of all inputs.

Related article: Automated Malware Troubling Yahoo & Microsoft IM » SPAMfighter News - 19-05-2008