
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Automated SQLi Attack Hijacks Over 1 Million Websites

January 6, 2012 By Corey Nachreiner

In the past, malicious web sites seemed relegated to the “bad neighborhoods” of the Internet. If you weren’t surfing piracy, pornography, or hacking sites, you probably wouldn’t have randomly encountered a website serving malicious code. Unfortunately, that has changed.

Over the years, legitimate web sites have increasingly been hijacked and booby-trapped with malicious code. If you visit such a site with an unpatched system, your computer may silently download and install malware without any action on your part (a “drive-by download”). Lately, attackers have often hijacked thousands of web sites at once. What’s to blame for these mass web hijacks? More often than not, automated SQL injection (SQLi).

According to researchers at SANS, an automated SQL injection (SQLi) attack dubbed Lilupophilupop has compromised over one million websites (the strange name comes from a malicious domain the injected code references). This latest bout of automated SQLi attacks targets Microsoft web stacks (IIS servers running ASP/ASP.NET pages with an MSSQL backend), and first surfaced in early December. Back then, the attack had only affected a handful of sites. However, SANS’ latest research shows that it has since spread to just over a million web sites.

If you’d like to know more about this attack, you can find details about it, including the malicious SQL string it uses, in SANS’ early December post. That post also shares tips to help IIS administrators and web developers identify vulnerable pages on their site. It’s well worth a read.

In general, the best way to protect yourself from these sorts of web application attacks (whether automated or not) is to have your developers learn and follow secure coding practices for web applications; for SQLi specifically, that means building every database query with parameterized statements rather than concatenating user input into SQL text. The Open Web Application Security Project (OWASP) is a fantastic resource for web developers to learn these practices. That said, sometimes the web frameworks you rely on will have their own vulnerabilities, which you can’t avoid until you can patch. That’s why having a security appliance that can do application-layer inspection, and has strong IPS, doesn’t hurt either.

As an aside, SQLi is a class of attack that many IT professionals have heard of conceptually, but some may not really get technically. Below, I’ve posted a demo video I created for one of my security presentations. It illustrates a very simple, manual SQLi attack. I use this simple SQLi example to help illustrate the concept behind these attacks. You should check it out if you want a better idea of how they work. Do know, however, that today’s modern websites rarely suffer from such obvious SQLi vulnerabilities as the one I demonstrate in this video. Modern websites still often suffer from SQLi flaws; they are just found in more complex places within today’s web applications. — Corey Nachreiner, CISSP (@SecAdept)
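The manual SQLi described above, the parameterized fix recommended earlier, and a check for the kind of stored payload that mass injection campaigns leave behind, as an added example that is not part of the original post or the demo video. It uses an in-memory SQLite database as a stand-in for the MSSQL backend; the `users` and `comments` tables, their rows, the two login functions and the `<script` marker are all constructed for illustration and are not taken from the SANS analysis.

```python
"""Added example: string-built SQL vs. a parameterized query, plus a
sweep of stored text for an injected HTML script tag.  All data here is
constructed; SQLite stands in for the MSSQL backend the post discusses."""
import sqlite3


def make_db():
    """Build a small in-memory database with one planted (constructed) payload."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    # Second comment carries a constructed script tag of the shape a
    # mass-injection campaign writes into text columns so that every
    # page rendering the column serves it (placeholder domain).
    conn.executemany("INSERT INTO comments (body) VALUES (?)", [
        ("Great article!",),
        ('Nice post</div><script src="http://example.invalid/x.js"></script>',),
    ])
    return conn


def login_vulnerable(conn, username, password):
    """The obvious flaw: user input is pasted into the SQL text itself.
    A username of  ' OR 1=1 --  closes the quote, makes the WHERE clause
    always true and comments out the password check."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """The fix: placeholders keep the input as data, never as SQL.
    The same payload is simply compared against the username column."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


SCRIPT_MARKER = "<script"  # assumption: payload is an HTML script tag


def _ident(name):
    """Quote a schema identifier; identifiers cannot be bound as parameters."""
    return '"' + name.replace('"', '""') + '"'


def find_injected_scripts(conn):
    """Scan every TEXT column of every table for a script tag and return
    (table, column, rowid, value) for each hit.  Table and column names
    come from the schema catalog, not from users, so quoting them is safe."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        # PRAGMA table_info rows: (cid, name, type, notnull, dflt_value, pk)
        cols = [r[1] for r in conn.execute("PRAGMA table_info(%s)" % _ident(table))
                if (r[2] or "").upper() == "TEXT"]
        for col in cols:
            sql = "SELECT rowid, %s FROM %s WHERE %s LIKE ?" % (
                _ident(col), _ident(table), _ident(col))
            for rowid, value in conn.execute(sql, ("%" + SCRIPT_MARKER + "%",)):
                hits.append((table, col, rowid, value))
    return hits


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"
    print("vulnerable:", login_vulnerable(db, payload, "wrong"))  # alice
    print("safe:      ", login_safe(db, payload, "wrong"))        # None
    for hit in find_injected_scripts(db):
        print("injected script in %s.%s rowid=%d: %r" % hit)
```

The sweep is deliberately generic over the schema catalog because these campaigns do not target one known column; they walk every text column they can reach. On a real MSSQL backend the same idea applies with `INFORMATION_SCHEMA.COLUMNS` in place of `sqlite_master` and `PRAGMA table_info`, and the marker should be tightened to the exact tag and domain named in the incident write-up rather than a bare `<script`, which will also match legitimate stored HTML.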


Filed Under: Security Bytes Tagged With: drive-by download, Lilupophilupop, sql injection, SQLi

