Hackers are in the midst of a massively successful SQL injection attack targeting websites built on Microsoft's ASP.Net platform. About 180,000 pages have been affected so far, security researchers say.
SECURITY QUIZ: How well do you know the insider threat?
A drive-by exploit will load malware without a visitor's knowledge or participation (no need to open a file or click on a link). Fortunately, the attackers are using known exploits, with patches available, so the attack can only be successful if a visitor is using an outdated, unpatched browser without the latest version of Adobe PDF, Adobe Flash, or Java.
Unfortunately, Armorize says that only a few of the most popular antivirus vendors can detect the dropped malware, according to the Virustotal web site. Virtustotal is a security monitoring service offered by Hispasec Sistemas that analyzes suspicious files and URLs. At this time, it says that 6 antivirus packages out of the 43 it monitors can detect this latest SQL injection attack. These are AntiVir, ByteHero, Fortinet, Jiangmin, McAfee, and McAfee-GW-Edition.
The attack is targeting users whose default browser language is English, French, German, Italian, Polish, or Breton. One of the sites accessed via the iframe is in Russia; the other is in the United States and is hosted by HostForWeb.com, Armorize says. Some of the planted malware accesses a site hosted in the United States, too.
Microsoft has been offering ASP.Net programmers information on how to protect against SQL injection attacks since at least 2005. In an article on MSDN that discusses preventing SQL injection attacks with SQL Server 2008 R2, Microsoft says, "Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker."
Companies running ASP.Net websites should validate that they have not become unwitting hosts of this latest attack.
Read more about wide area network in Network World's Wide Area Network section.
This story, "SQL injection attack has compromised nearly 200,000 ASP.Net sites" was originally published by Network World.