Relentless Web Attack Hard To Kill 218
ancientribe writes "The thousands of Web sites infected by a new widespread SQL injection attack during the past few days aren't necessarily in the clear after they remove the malicious code from their sites. Researchers from Kaspersky Lab have witnessed the attackers quickly reinfecting those same sites all over again. Meanwhile, researchers at SecureWorks have infiltrated the Chinese underground in an attempt to procure a copy of the stealthy new automated tool being used in the attacks."
noscript (Score:5, Informative)
Re:Kaspersky (Score:4, Informative)
You're not supposed to run them at the same time. They fight for control and eventually stalemate. Uninstall AVG and reinstall Kaspersky, but by now you may have damaged your system configuration. Kaspersky is pretty brutal if it gets unhinged, but it's unstoppable if you get it configured correctly.
Re:Whatever happened (Score:3, Informative)
AFAICT, they are patching the hole, they're just finding even more holes of the same type.
Re:first post (Score:3, Informative)
Comment removed (Score:4, Informative)
Re:This disgusts me (Score:5, Informative)
You're right, you're no programmer. Go read up:
http://en.wikipedia.org/wiki/SQL_injection [wikipedia.org]
Prepared (or parametrized) statements are an easy and absolute defense against SQL injection attacks. The OP is right, the fact that such attacks still succeed is disgusting and inexcusable.
Comment removed (Score:3, Informative)
No, it's not. (Score:4, Informative)
Your're right to publicise a good product that I also use and reccommend. However:
Most people that get caught by malware don't understand all these arcane details.
Most people use IE, (no noscript here..) and blindly click 'OK' when they cannot see the porn.
Bad web sites / pages don't just install viruses.*
Re:noscript (Score:2, Informative)
SO WHY CAN'T YOU WHITELIST THE SITE THAT YOU HAVE TO SUPPORT? Along with any other sites you support?
Its not that hard to build up a whitelist. The first time you visit a "trusted" or regular site, add it to the white list. Does it have any subdomains, or "partner" domains that you also need to add? Go ahead and add them.
So many people complain about how NoScript breaks pages, but its really not that hard at all to setup a whitelist.
Now when your redirected/accidentally click on a link to dgdrklgdr.com/e3rer it can't run any javascript on your pc.
Re:Install a proxy (Score:4, Informative)
mod_security is a reactive security measure. It's blacklist based, which makes the classic error of attempting to "enumerate badness" [ranum.com].
While it's great if you've identified an existing threat to an application you cannot properly secure, it does nothing to protect you against future attacks using less obvious techniques.
mod_security alone is not an adequate solution. It's still necessary to proactively write secure applications in the first place, which means making sure you're never allowing raw, unfiltered/unescaped user data into places where it shouldn't go.
Re:noscript (Score:3, Informative)
Re:This disgusts me (Score:3, Informative)
Languages can make bad code harder or easier to write however. Its perfectly acceptable to blame a language if it makes it hard to do things the "right way." I'm not much of a PHP hater, but a lot of stuff that they've done with the language makes me roll my eyes.
Re:Big Picture (Score:3, Informative)
Sorry, I see we're talking about different user groups.
From the user perspective a virus scanner (and NoScript) will indeed protect you from installing malware on your computer, which may be downloaded from a hijacked website (XSS is a more common attack vector for that, but I've had an Invision forum hijacked via SQL injection too).
I was speaking more from the perspective of the web admin whose site gets defaced, who won't get around some lessons on secure input handling. ;)
Re:Kaspersky (Score:4, Informative)
Re:noscript (Score:1, Informative)
Easily fixable: about:config -> noscript.firstRunRedirection = false