Adobe website suffers SQL injection attack

Visitors to the Adobe website were warned to be vigilant after security firm Sophos revealed that it had hosted malicious code which could infect visiting computers.

Sophos said that it had repeatedly tried to contact Adobe about the problem, with the malicious code present until last Thursday.

The vendor identified the threat Mal/Badsrc-C' as being present on the Adobe website's Vlog IT support centre section', an area which provides tips for video bloggers.Sophos said that Mac/Badsrc-C was a dangerous piece of malware which spread by infecting PCs with SQL injection. This downloaded malicious scripts from the net to infect users with spyware.

SQL infection has been an increasing problem this year, with many legitimate sites suffering web-based malware attacks.

Graham Cluley, senior technology consultant at Sophos, quoted a figure of over 90 per cent of web infections being found on legitimate sites.

He said: "Organisations need to wake up and ensure their websites are properly coded, and that security is in place to stop these kinds of attacks."

Sophos also discovered a new mobile virus called Troj/Konov-A, a Trojan horse which sent out SMS messages to premium rate numbers.

Adobe could not be reached for comment at the time of publication.