
Imperva says new SQL injection attacks from China are ‘unique’

August 2009 by Imperva

Imperva, the data security specialist, has said the mass SQL injection attack infecting hundreds of thousands of web sites shows some unique characteristics, as all the attacks stem from China.

“We have been tracking this specific attack for the past 4 weeks and all the IP addresses that the automated attacks have come from are based in China. This is something unique, as usually attacks of this nature come from infected BOT PCs based all over the world rather than in one country. The SQL injection attack vector used in the attack is by itself quite standard and has been in common usage for the past 18 months. Any decent Web Application Firewall should be able to detect it,” said Amichai Shulman, Imperva’s chief technology officer.

The Imperva CTO continued: “We are seeing a constant flow of attacks aimed at drive-by-download. Just in the past two months we have seen 3 different strands of such attack campaigns. In this latest wave we have recorded the attack coming from more than 60 servers based in China attacking sites around the world, rather than the global network typically seen in such attacks. Interestingly enough, 4 weeks into this attack campaign the malware distribution servers are still up and running.

The attack targets innocent visitors of the sites that have been hit, as it injects a malicious IFRAME into these sites. Thus visitors are unknowingly downloading malware from China-based servers while visiting such an infected site. Once infected by this malware, a user’s computer becomes a Zombie in a BOTNET that will later be used to distribute spam, participate in coordinated DDoS attacks or simply be used for extracting personal access credentials to other sites.

The Imperva CTO said that this type of SQL injection is one of the top five most popular attacks used by malicious hackers today and enterprises should take appropriate external (web application firewall) and internal (code changes) measures to prevent their web servers from becoming a source for distributing malware for cyber criminals.

Advice for enterprises:

· use application firewalls to protect themselves from infection

· use scanners and other tools to find and remove vulnerabilities in their website code

· ensure all application patches are implemented

Advice for individuals:

· ensure all browser updates are implemented immediately

· use the best technology to protect web browsing based on behavioural real-time technology

· implement all security signatures as soon as they are available

