SQL Injection Infection Affects 520,000 Web Pages

April 28th, 2008 at 12:00 am

search engine

The Register reported a worrying article regarding a cyberattack on many supposedly secure web sites.

"Hackers have injected malicious code into hundreds of thousands of reputable web pages, turning them into launchpads for attacks that silently install malware on the machines of those who visit them. The UK’s Civil Service and the United Nations were among those who had been hacked." 

"The sophisticated mass infection that’s injecting attack code into hundreds of thousands of reputable web pages is growing and even infiltrated the website of the Department of Homeland Security." 

The malicious code / virus / SQL injection, is nothing new but its ability to obscure itself makes it way hard for anti-virus and anti malware software to stop it.  the injection is a single line of code in SQL which if nobody is looking for it, couldnt be found.

According to antivirus experts,  "These guys look like they’ve found a methodology to get a successful SQL injection generically across [many] websites," said Jeremiah Grossman, CTO of WhiteHat Security, which helps companies secure web applications. "That right there is like a skeleton key."

Moreover, "It’s the cleanup effort that’s just going to be monstrous," said Grossman, who said affected companies will have to either remove each overwritten table record one at a time, or revert to a recent backup. "Either way, it’s going to take forever."

Good luck.