Chinese injection attacks set to multiply

 

Gallery

By Barry Collins

Posted on 20 May 2008 at 16:58

Security researchers are warning of fresh waves of the SQL injection attacks that have already compromised thousands of western websites.

Click here to read the NEW PC Pro blog

Earlier today we reported how more than 9,000 websites had been struck by the Silent Love China attacks. The exploits can lead to the installation of a password-stealing trojan on PCs that visit the affected sites.

However, that may prove to be only the beginning of the attacks according to security experts ScanSafe. "The [Silent Love China] attacks have moved on and there's now a set of three other attacks," ScanSafe's senior security researcher, Mary Landesman, told PC Pro this afternoon. "They register multiple domains and change the domains being used."

Landesman fears the attacks - which are specifically targeted at English-language websites - could be a precursor for a much larger assault. "I certainly have concerns that the attacks are much more sinister," Landsman said. "The worst-case scenario is they're harvesting corporate login details."

Preventing attacks

This afternoon Google has started placing "This site may harm your computer" warnings against search results for some of the infected websites, in an attempt to minimise the damage caused to people who innocently stumble across the infected sites.

The majority of affected sites are what Landesman describes as "middle-tier sites", which have large volumes of traffic but don't necessarily have the security resources of the leading web giants.

"For a SQL injection attack to be successful, the fault lies with the web developer," she said. "If they were properly validating inputs, this wouldn't happen."

"Larger sites take immediate action, particularly if they are a publicly-traded company. They tend to resolve the issue that allowed it to occur to begin with, they're not repeat victims," she added.