SQL injection attacks could be boosted by mesh networks

Blacklisting infected websites could become much harder


Massive website compromises using a technique known as SQL injection have long been a top security concern for web developers and site owners. Now, the attacks may become harder to detect and prevent, according to one security firm's analysis.

Web security firm Armorize announced that it had detected a new type of mass SQL injection attack that uses a simple form of peer-to-peer networking to make the compromised network hard to take down. Historically, mass web attacks are simple: Code written in the structured query language (SQL) is sent to the back-end web database using a vulnerability in the site's code. When the security flaw is in a common application, the attack can compromise thousands of sites at the same time.

In the latest version of the attack, rather than injecting sites with a single static script that points visitor browsers to a handful of malicious download sites, the attackers create a dynamic script that sends visitors to a previously compromised web server. The new technique makes blacklisting much harder, says Wayne Huang, president and chief technology officer of Armorize.

"We found that the infected websites form a big mesh, everybody is injected with a malicious script that points to each other," says Huang. "Every infected Web site is serving as a redirector for one another. You can't blacklist anybody, because everyone is a redirector."

Blacklisting is a problem. Armorize found that, of a sample of 700 sites that belonged to a compromised mesh network, only 20 percent of the sites had been blacklisted by Google for attempting to upload malicious code to users. Another 10 percent of the sites were compromised previously by a different attack and were blacklisted because of that rogue behaviour, the company said.

The company found that more than 20,000 sites from Alexa's top 1 million had the malicious script, "sidename.js", running on the server.
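As an added illustration (not code from Armorize or from this article), the sketch below audits stored page content for `<script>` tags and compares two checks: a blacklist of known-bad hosts, which misses a redirector it has not seen yet, and an allowlist of the site's own script hosts, which flags any unexpected host. All hosts, rows and list contents are constructed assumptions; only the script name `sidename.js` comes from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: the hosts this site legitimately loads scripts from, and a
# blacklist built from earlier reports. All hosts below are constructed.
ALLOWED_SCRIPT_HOSTS = {"www.shop.example", "cdn.shop.example"}
BLACKLISTED_HOSTS = {"infected-a.example"}
# Constructed rows as (id, stored HTML), e.g. read from a CMS content table.
ROWS = [
    (1, "<p>Welcome</p><script src='/js/site.js'></script>"),
    (2, 'Widget<script src="http://infected-a.example/sidename.js"></script>'),
    (3, 'Gadget<script src="//infected-b.example/sidename.js"></script>'),
    (4, "<script src='https://cdn.shop.example/lib.js'></script>News"),
]

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def script_hosts(html):
    """Return the external hosts that <script> tags in html load from."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    hosts = (urlparse(src).hostname for src in collector.sources)
    return [h for h in hosts if h]  # relative URLs have no host

def blacklist_hits(rows):
    """Row ids flagged by matching script hosts against known-bad hosts."""
    return [rid for rid, html in rows
            if any(h in BLACKLISTED_HOSTS for h in script_hosts(html))]

def allowlist_violations(rows):
    """Row ids that load script from any host the site does not expect."""
    found = {}
    for rid, html in rows:
        bad = [h for h in script_hosts(html) if h not in ALLOWED_SCRIPT_HOSTS]
        if bad:
            found[rid] = bad
    return found
```

On the constructed rows, the blacklist check reports only row 2, while the allowlist check reports rows 2 and 3 without needing prior knowledge of either host.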

The current attack does have a weakness, points out Neil Daswani, co-founder and CTO of web anti-malware company Dasient. Cleaning up the malicious code from the infected sites will stop the code from being downloaded. Yet, that will only be true for a short while, he says.

"It will only be a matter of time before attacks like Sidename take on an even more resilient, peer-to-peer structure where infected sites source in malicious code from multiple additional infected sites so that an infected site will still serve drive-by downloads even if one or more of the sites that code is being sourced in from are cleaned up," Daswani says.

The attack underscores that site owners need to do better security analyses of their sites, says Thomas Kristensen, chief security officer for Secunia. Most companies, however, will not tackle remediating expensive vulnerabilities in their websites unless it is a priority from executives, he says.

"Even though a lot of geeks think that, well, we really need to do something about our security, unless it is financially backed, nothing is going to happen," Kristensen says.

