SQL Attacks - Half a Million Sites Already Owned
According to the Web Hacking Incidents Database (WHID) 2008 Annual Report issued by security appliance maker Breach Security on Tuesday, SQL threats that dropped malware onto affected sites far outnumbered any other type of attack rearing its head on the Internet last year.
The majority of the SQL injection campaigns delivered botnet programs onto machines infected by the sites they compromised, allowing the parties behind the attacks to use the devices for a number of different ends, from distributing spam to launching additional malware threats, the company said.
By cutting out a good deal of the manual research required of attackers in previous campaigns, the emergence of the "mass SQL injection bots" triggered an eruption of outbreaks, Breach maintains.
Breach Security Labs specifically tracked three major SQL-driven bots in 2008:
- Nihaorr1 Mass SQL Injection Bot
- Asprox Mass SQL Injection Bot
- Mass SQL Injection Bot Evolution
The techniques used by the involved attackers mix together a powerful cocktail of hacking and malware authoring expertise, the experts noted.
Breach also highlighted another "notable attack methodology shift" in the fact that rather than targeting sensitive data in site databases, the threats were largely meant to victimize site visitors.
As the firm points out, the 2008 results should serve notice that infected URLs have really and truly become the most dangerous force in the world of cybercrime.
And that SQL injection, specifically, is the manner in which most of them are being corrupted.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.