News Web Server Security Phishing Database Security Application Server Security Library Vulnerability Archive Secure Development Web Services Pen Test AJAX Application Firewalls
Main -> Internet Security News
TOPIC'S
Advertising
Old News
About
Resume
Contact
FAQ
Irc
Links
Articles
Translate
Interviews
Commentary
Books
Demos
Papers
Downloads
Advisories
Contributions
Security Services
Submit News
Syndicated News


Hosting generously provided by
www.mv.com




Pick Your Language


Bots Use SQL Injection Tool in Web Attack and Rant
Posted 5/15/08 by Robert from the 'catching the public up to speed' department

"The Asprox botnet, a relatively small botnet known mainly for sending phishing emails, has been spotted in the last few days installing an SQL injection attack tool on its bots. The bots then Google for .asp pages with specific terms -- and then hit the sites found in the search return with SQL injection attacks, says Joe Stewart, director of malware research for SecureWorks, who has documented his findings on the attack.

Stewart says the Asprox botnet’s SQL injection attack is likely a copycat of the recent SQL injection Website attacks from China, which deliver a Trojan that steals online gaming passwords. But this is the first SQL injection attack Stewart has seen using a botnet and a toolkit to do the dirty work. Asprox so far has infected over 1,000 Websites this way, he says.

“I’ve seen bots get other types of infection tools, but not SQL injection” tools, Stewart says. “It’s almost like they noticed the Chinese[-based] attack and copied their code into their own binary for their own attack... The hacks are so similar to the way the other SQL injection attacks are going." - DarkReading

3-4 years ago when I worked at SPI Dynamics (now HP) two PoC tools had been created for internal security research. They didn't do anything malicious just test the concept of using search engines to find hosts and test them for a sql error message. These tools worked so well in finding 'suspect' hosts that while it was very cool/scary, we decided speaking about it to the public was a bad idea. It was only going to have negative affects and we didn't want to be accountable for introducing this extremely handy method to the attackers as we knew how large the problem was. 3-4 years later this is the 'new' toolkit to have on the block. This makes me wonder what is being discovered now that we won't be hearing about for another few years.

This is hardly the last you'll be hearing about search engine hacking. (what newbies now call google hacking)

Article Link: http://www.darkreading.com/document.asp?doc_id=153921&WT.svl=news1_2
Link to this Story: Bots Use SQL Injection Tool in Web Attack and Rant
Link: Have a Site Suggestion, Material Request, or News? Submit it!
News RSS Feed: Web Security news RSS Feed
Discuss this article    Find Related Stories



External Links:
Copyright 2000-2007 Cgisecurity.com.
Providing Web Security news since 2000.
Information contained on this website may not be copied without explicit permission.
Best Viewed with Netscape.
Website Security Web Application Security solid state drives ebay cd players camera lens deals buy macbook air not work safe software security canon camera deals


Popular Links By Subject

Sponsored Link (Advertise)


Subscribe to CGISecurity.com



The Web Security Mailing List
  • [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
  • RE: [WEB SECURITY] [Off Topic] Judge Orders YouTube to Give All User Histories to Viacom
  • RE: [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
  • Re: [WEB SECURITY] [Off Topic] Judge Orders YouTube to Give All User Histories to Viacom
  • Re: [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
  • Re: [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
  • RE: [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
  • Re: [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
  • Re: [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
  • [WEB SECURITY] Announcing WAFReviews.com

    • Contact us
    Post News, get linkage!

    Name

    Email or Homepage:

    Subject

    Finish the word below: deadb33f

    Body