In the past, malicious web sites seemed relegated to the “bad neighborhoods” of the Internet. If you weren’t surfing piracy, pornography, or hacking sites, you probably wouldn’t have randomly encountered websites serving malicious code back then. Unfortunately, that has changed.
Over the years, legitimate web sites have increasingly been hijacked and booby-trapped with malicious code. If you visit such a site with an unpatched system, your computer may automatically and silently download and install some nasty malware. Lately, attackers have often hijacked thousands of web sites at once. What’s to blame for these mass web hijacks? More often than not, automated SQL Injection (SQLi).
According to researchers at SANS, an automated SQL injection (SQLi) attack dubbed Lilupophilupop has infected over one million websites (the strange name is based on a malicious domain the attack references). This latest bout of automated SQLi attacks targets Microsoft web frameworks (IIS servers using ASP.NET, with an MSSQL backend), and first surfaced in early December. Back then, the attack had only affected a handful of sites. However, SANS’ latest research shows that it has spread to just over a million web sites today.
If you’d like to know more about this attack, you can find details about it, including the malicious SQL string it uses, in SANS’ early December post. That post also shares tips to help IIS administrators and web developers identify vulnerable pages on their site. It’s well worth a read.
In general, the best way to protect yourself from these sorts of web application attacks (whether automated or not) is to have your developers learn how to follow secure coding practices for web applications. The Open Web Application Security Project (OWASP) is a fantastic resource for web developers to learn these practices. That said, sometimes the web frameworks you rely on will have their own vulnerabilities, which you can’t avoid (until you can patch). That’s why having a security appliance that can do application-layer security inspection, and has strong IPS, doesn’t hurt either.
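To make the secure coding point concrete, here is an added example (not code from the original post or from SANS) contrasting the two ways a login check can be written. It assumes a constructed two-row user table in an in-memory SQLite database standing in for the ASP.NET application’s MSSQL backend; the same distinction applies to SqlCommand with SqlParameter in .NET.

```python
import sqlite3


def make_db():
    # Constructed sample data; stands in for the application's real user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    # Dynamic SQL: untrusted input is pasted into the statement text, so a
    # quote character in the input changes the meaning of the query itself.
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterized(conn, username, password):
    # Parameterized query: the statement is fixed and the input is bound as a
    # value; the database never parses it as SQL, whatever it contains.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


def demo():
    # Compare both versions on a legitimate login and on the textbook
    # tautology input that turns the WHERE clause into "... OR '1'='1'".
    conn = make_db()
    tautology = "' OR '1'='1"
    return {
        "legit_vuln": login_vulnerable(conn, "alice", "s3cret"),
        "legit_param": login_parameterized(conn, "alice", "s3cret"),
        "tautology_vuln": login_vulnerable(conn, "x", tautology),
        "tautology_param": login_parameterized(conn, "x", tautology),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The concatenated version returns every user for the tautology input while the parameterized version returns nothing, which is exactly the difference an automated SQLi scanner is probing for.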
As an aside, SQLi is a class of attack that many IT professionals have heard of conceptually, but some may not really get technically. Below, I’ve posted a demo video I created for one of my security presentations. It illustrates a very simple, manual SQLi attack. I use this simple example to illustrate the concept behind SQLi attacks. You should check it out if you want a better idea of how they can work. Be aware, however, that today’s modern websites don’t suffer from such obvious examples of SQLi vulnerability as the one I demonstrate in this video. Modern websites still often suffer from SQLi flaws; they are just found in more complex places within today’s web applications. — Corey Nachreiner, CISSP (@SecAdept)