SQL Injections Looming on Private and Public Websites
According to the X-Force security team of IBM, recent months have seen online assaults against databases, using the technique of SQL injection.
An SQL injection attack involves inserting malicious code into an application's input so that the program issues illegitimate SQL commands, letting the attacker gain control over it to carry out his operations.
These assaults apparently target websites in both the private and public sectors across the world. There is no uniform security standard that everyone follows. Security researcher Tom Cross of IBM said that some government agencies are highly sophisticated; they usually have enormous security budgets and do a perfect job on security. Conversely, other agencies are less sophisticated and use vulnerable Web applications that expose them to attacks, Cross noted. Government Technology reported this on December 16, 2009.
Cross further said that the bad guys' primary goal is to compromise the maximum number of PCs possible, add them to their botnets and then sell off the bot-infected computers for black.
Earlier, during May 2008, IBM users experienced approximately 2,500 SQL injection assaults daily. By mid-summer 2009, according to Cross, the company's products were encountering an average of 600,000 attacks against databases every day. SecurityFocus reported this on December 14, 2009.
Disturbingly, these attacks represent only software loopholes that people are aware of and are willing to disclose; holes that are still undiscovered or kept secret are not taken into account. This implies that the actual number of assaults is much larger than the number disclosed.
Cross further stated that since the middle of 2008, hackers have worked out how to use SQL injection on a wide scale to earn huge revenues. The massive rise in the total number of assaults corresponded with a more than fivefold increase in malicious websites for IBM's Web crawlers.
This tendency suggests that Web surfers will increasingly fear being infected by legitimate websites that a database assault has compromised.
While malware was earlier often found on maliciously created websites, it is now encountered simply by visiting ordinary sites, Cross added.
» SPAMfighter News - 26-12-2009