Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The cybercriminals behind Asprox have begun utilising its network of infected computers to carry out SQL injection attacks against vulnerable websites, security firms are warning.The latest wave of SQL injection attempts emanating from the Asprox botnet began last week, Jason Milletary, counter threat unit security researcher at managed security services vendor SecureWorks, told SCMagazineUS.com. “Asprox is fairly unsophisticated,” said Gunter Ollmann, vice president of research at enterprise security firm Damballa. “The SQL injection attacks it tries to launch are unsophisticated -- but it works.”Sometime during last week, Asprox bots began receiving instructions to run an internet search for web applications with vulnerable backend databases that could be susceptible to SQL injection, researchers said. The bots then attempted to inject a malicious IFRAME — or a small piece of HTML code — into these websites. “All the infected bots are receiving instructions and going and doing that -- running the same Google queries,” Ollmann said. “They get the same results back, so we often see vulnerable websites being attacked and having the malicious IFRAME inserted into their websites multiple times by the same botnet.” If a user visits one of the compromised websites, the IFRAME causes the user's web browser to be redirected to a distribution site that tries to exploit browser plug-in bugs to install malicious code on the user's system, Milletary said. The goal is to further build the Asprox botnet.Researchers said they are unsure how many websites have been compromised as a result of this attack. In a similar SQL attack wave from the Asprox botnet last May, more than 2,000 websites were infected. See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.