Security Bytes

Jul 16 2008   9:25AM GMT

SQL injection infects more high profile websites

Robert Westervelt Robert Westervelt Profile: Robert Westervelt


San Jose, Calif.-based Finjan Software Inc. has documented more than 1,000 unique websites falling victim to SQL injection attacks in the first two weeks of July.

Ayelet Heyman, a Finjan security researcher said the list of sites include a large number of government and top businesses. Some of the sites compromised include San Francisco’s official website, the City of Marysville Police Department, the Department of Culture and Tourism of the State of Bahia, Brazil, the National Health Service website in the UK, and Snapple Beverage Corp. The list goes on and on. In addition, Finjan found some advertisement networks directing people to compromised sites.

Heyman said the attack is being carried out by users of the Asprox toolkit. Clearly it’s getting easier and easier for non-techies to pull off a successful attack. All they have to do is buy a toolkit to begin spreading malware. The toolkit injects JavaScript code, which ultimately infects website visitors with a Trojan.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: