Relentless Web Attack Hard To Kill

ancientribe writes "The thousands of Web sites infected by a new widespread SQL injection attack during the past few days aren't necessarily in the clear after they remove the malicious code from their sites. Researchers from Kaspersky Lab have witnessed the attackers quickly reinfecting those same sites all over again. Meanwhile, researchers at SecureWorks have infiltrated the Chinese underground in an attempt to procure a copy of the stealthy new automated tool being used in the attacks."

noscript

[Manfre]

NoScript is one of the best ways to avoid viruses that are distributed from the web.

Re:Kaspersky

[mfh]

Kaspersky is so brilliant, it locks up every time I try to do anything with it.

Then again, my AVG hasn't updated properly all week...

You're not supposed to run them at the same time. They fight for control and eventually stalemate. Uninstall AVG and reinstall Kaspersky, but by now you may have damaged your system configuration. Kaspersky is pretty brutal if it gets unhinged, but it's unstoppable if you get it configured correctly.

Re:Whatever happened

[compro01]

AFAICT, they are patching the hole, they're just finding even more holes of the same type.

Re:first post

[martinw89]

Don't worry, your "-1 fail"® moderation is being applied at this moment. Thank you for using Slashdot©, please come again.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:This disgusts me

[NNKK]

You're right, you're no programmer. Go read up:

http://en.wikipedia.org/wiki/SQL_injection [wikipedia.org]

Prepared (or parametrized) statements are an easy and absolute defense against SQL injection attacks. The OP is right, the fact that such attacks still succeed is disgusting and inexcusable.

Comment removed

[account_deleted]

Comment removed based on user account deletion

No, it's not.

[Bearhouse]

Your're right to publicise a good product that I also use and reccommend. However:

Most people that get caught by malware don't understand all these arcane details.

Most people use IE, (no noscript here..) and blindly click 'OK' when they cannot see the porn.

Bad web sites / pages don't just install viruses.*

Re:noscript

[RpiMatty]

SO WHY CAN'T YOU WHITELIST THE SITE THAT YOU HAVE TO SUPPORT? Along with any other sites you support?

Its not that hard to build up a whitelist. The first time you visit a "trusted" or regular site, add it to the white list. Does it have any subdomains, or "partner" domains that you also need to add? Go ahead and add them.

So many people complain about how NoScript breaks pages, but its really not that hard at all to setup a whitelist.

Now when your redirected/accidentally click on a link to dgdrklgdr.com/e3rer it can't run any javascript on your pc.

Re:Install a proxy

[merreborn]

mod_security is a reactive security measure. It's blacklist based, which makes the classic error of attempting to "enumerate badness" [ranum.com].

While it's great if you've identified an existing threat to an application you cannot properly secure, it does nothing to protect you against future attacks using less obvious techniques.

mod_security alone is not an adequate solution. It's still necessary to proactively write secure applications in the first place, which means making sure you're never allowing raw, unfiltered/unescaped user data into places where it shouldn't go.

Re:noscript

[Manfre]

I've been developing with ASP.NET (c#) since its initial beta and am very familiar with how it functions. This discussion would go a bit smoother if you would read a comment before replying to it. Noscript prevents javascript from loading on any site, until the site is explicitly given permission by the user. Approve your CRM domain(s), which will allow it to work properly. Then if it is compromised, noscript will block the javascript on the destination domain. If your server is compromised to the point where it is hosting exploits, then the IT staff needs to spend a bit more effort patching and locking things down. Noscript is not the only protection that should be used, but it greatly helps. It's like driving a car a little bit slower. You've still got a seatbelt to help keep you alive, but you should be less likely to hit something.

Re:This disgusts me

[Rycross]

Languages can make bad code harder or easier to write however. Its perfectly acceptable to blame a language if it makes it hard to do things the "right way." I'm not much of a PHP hater, but a lot of stuff that they've done with the language makes me roll my eyes.

Re:Big Picture

[Arancaytar]

Sorry, I see we're talking about different user groups.

From the user perspective a virus scanner (and NoScript) will indeed protect you from installing malware on your computer, which may be downloaded from a hijacked website (XSS is a more common attack vector for that, but I've had an Invision forum hijacked via SQL injection too).

I was speaking more from the perspective of the web admin whose site gets defaced, who won't get around some lessons on secure input handling. ;)

Re:Kaspersky

[Fulcrum of Evil]

Are you insane? Write parameterized SQL for all your queries and this just won't happen - setting your name to ';-- drop table users;' will just result in funky display logic.

Re:noscript

[Anonymous Coward]

It's really irritating because it always brings up their website every time it gets updated

Easily fixable: about:config -> noscript.firstRunRedirection = false