Imperva – China Launches New Wave of SQL Injection Attacks

Imperva, a data security company, has brought into public attention the rising number of SQL attacks launched against websites. The data security company has claimed that majority of these attacks seem to be emanating from China.

Amichai Shulman, Chief Technology Officer, Imperva, said that it had traced these attacks in the month of August and found all the automated attacks coming in from IP addresses located in China.

This discovery was really interesting in view of the fact that normally majority of botnet attacks evolve from different countries worldwide.
He further revealed that these attacks were mainly targeted against quick downloading sites. However, there is not much impact of them on consumers because majority of firewall Application products come with features of identifying SQL attacks and capable of preventing users from infection.

Security researchers have explained that the SQL attacks work in two phases. Firstly, they target web pages and when a user visits any of these web pages, malware gets installed on his system. Shulman said that SQL attack developers keep a record of number of infected PCs, and till August 26, 2009, the number of malware downloads tallied 1.25 Million.

Moreover, security researchers have expressed concern over the recent surge in SQL injection attacks from China due to their heavy concentration in the region as compared to the traditional campaigns in which botnet infrastructure around the world is used to decentralize the distribution of these attacks.

According to the researchers, they have found that SQL injection attacks are stemming from 60 different servers and all of them are located in China. As already noted, unlike the previous campaigns where attack were coming from different parts of the globe, this one is concentrated in China only. Another interesting thing of the attack is the consistent performance of the malware distribution servers for four weeks.

The motive behind launching these attacks could be anything. However, Shulman believed that they might be to establish a new botnet. As per the researchers at another security firm ScanSafe, the malware involved in these attacks are suspected to have been compiled on a computer running in Chinese language.

Related article: Inappropriate IT Decisions Leads to Security Dangers

» SPAMfighter News - 9/19/2009