SQL Injections Looming on Private and Public Websites

According to the X-Force security team of IBM, recent months have seen online assaults against databases, using the technique of SQL injection.

An SQL injection attack involves the insertion of malicious code into an application to make the program issue illegitimate SQL commands, so that the attacker can gain control over it to carry out his sinister operations.

These assaults apparently target websites of both the private and public sectors across the world. There is no uniform security standard that is followed by everyone. Security researcher Tom Cross at IBM said that some government agencies are highly sophisticated; they usually have an enormous amount of money as a security budget and perform a perfect security task. Conversely, other agencies aren't that sophisticated, as they use vulnerable Web applications that expose them to attacks, Cross noted. Government Technology reported this on December 16, 2009.

Cross further said that the bad guys' primary goal is to compromise the maximum number of PCs possible, add them to their botnets and then sell off the bot-infected computers for black.

Earlier, during May 2008, users of IBM experienced approximately 2,500 SQL injection assaults daily. Subsequently, by the middle of summer 2009, according to Cross, the company's products were encountering an average of 600,000 attacks against databases every day. SecurityFocus reported this on December 14, 2009.

Disturbingly, these attacks represent software loopholes that people are aware of and want to disclose. Holes that are still undiscovered or are secret are not taken into account. This implies that the actual number of assaults is much larger than that disclosed.

Cross further stated that since the middle of 2008, hackers had determined the method of utilizing SQL injection on a wide scale to earn huge revenues. The massive rise in the total number of assaults corresponded with malicious websites increasing more than fivefold for IBM's Web crawlers.

This tendency suggests that there will be increasing fear among Web surfers of becoming infected through legitimate websites that a database assault might have compromised.

While malware was earlier often found on maliciously created websites, it is now encountered simply by accessing ordinary sites, Cross further added.


» SPAMfighter News - 26-12-2009
