Mass SQL injection attacks still scaling up

Share this article:

The mass SQL injection attacks that gained attention earlier this week are continuing, with some 210,000 pages infected so far.

All of the attacks are coming from IP addresses based in China, Amichai Shulman, CTO of database security firm Imperva, told SCMagazineUS.com Thursday. 

“This is something unique, as usually attacks of this nature come from infected bot PCs based all over the world rather than in one country,” he said. “In this latest wave, we have recorded the attack coming from more than 60 servers based in China, attacking sites around the world, rather than the global network typically seen in such attacks.”

The attack works in two stages. The first is to infect the target web pages, and then when visitors browse to the infected pages, malware is downloaded to their machines.

“They have a counter to tally the number of infected machines, and as of Wednesday, the number was up to 1.25 million downloads of the malware,” Shulman said.

There are different regional attacks taking place, but all are infecting English-language websites. The malware involved appears to have been compiled on a Chinese-language computer, Mary Landesman, ScanSafe's senior security researcher, told SCMagazineUS.com Thursday.

“Collectively, the number of pages infected can be found by searching for the malicious IFRAME that has been implanted on the pages,” she said.

What's the motive behind these attacks? It could be anything, but Shulman said he thinks it may be the start of another botnet.

“It looks like it is part of a botnet," he said. "The first thing the malware does is communicate with a command-and-control center."

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.