New SQL injection attacks more persistent

From InfoWorld: Massive website compromises using a technique known as SQL injection has long been a top security concern for Web developers and site owners. Now, the attacks may become harder to detect and prevent, according to one security firm's analysis.

Web security firm Armorize announced that it had detected a new type of mass SQL injection attack that uses a simple form of peer-to-peer networking to make the compromised network hard to take down. Historically, mass Web attacks are simple: Code written in the structured query language (SQL) is sent to the back-end Web database using a vulnerability in the site's code. When the security flaw is in a common application, the attack can compromise thousands of sites at the same time.

In the latest version of the attack, rather than injecting sites with a single static script that points visitor browsers to a handful of malicious download sites, the attackers create a dynamic script that sends visitors to a previously compromised Web server. The new technique makes blacklisting much harder, says Wayne Huang, president and chief technology officer of Armorize.

"We found that the infected websites form a big mesh -- everybody is injected with a malicious script that points to each other," says Huang. "Every infected website is serving as a redirector for one another. You can't blacklist anybody, because everyone is a redirector."

View: Article @ Source Site