Asavin Wattanajantra's Blog

SQL injection botnets now used for large-scale fraud

By Asavin Wattanajantra in Editorial

Posted in botnet, fraud, RSA on August 20, 2009 at 2:10 pm

In my last blog I wrote about how SQL injection attacks were used in the case in America where 130 million debit and credit card details were stolen.

To make things a little clearer: SQL injection is an attack on the database behind a website. Where insecure code pastes user input (a login name, a search term, a URL parameter) straight into a SQL query, an attacker can craft that input so the database treats part of it as SQL and executes commands the developer never intended, from reading every row of a table to altering its contents.
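As an added illustration of the mechanism described above (example code written for this page, not anything from the post or from the cases it discusses), the snippet below puts a vulnerable login query beside its parameterised fix and runs both against a constructed SQLite table. The table, the user names, passwords and card numbers are all made up; the injected inputs are the classic quote-based payloads.

```python
import sqlite3


def make_db():
    """Build a tiny in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, password TEXT, card_number TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "hunter2", "4111111111111111"),  # constructed data
            ("bob", "letmein", "5500000000000004"),    # constructed data
        ],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Insecure: the query is built by string concatenation, so the quote
    characters in attacker-controlled input become part of the SQL text
    and change the meaning of the statement."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(query).fetchall()]


def login_safe(conn, username, password):
    """Hardened: the SQL text is fixed and the values travel separately as
    bound parameters, so input is only ever compared as data."""
    rows = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()
    return [row[0] for row in rows]


# Two constructed payloads: one that bypasses authentication, one that
# pulls a different column (the card numbers) out through the same query.
BYPASS = "' OR '1'='1"
DUMP_CARDS = "' UNION SELECT card_number FROM users --"


if __name__ == "__main__":
    db = make_db()
    print("legit login, vulnerable:", login_vulnerable(db, "alice", "hunter2"))
    print("bypass, vulnerable:     ", login_vulnerable(db, BYPASS, BYPASS))
    print("card dump, vulnerable:  ", login_vulnerable(db, DUMP_CARDS, "x"))
    print("bypass, safe:           ", login_safe(db, BYPASS, BYPASS))
    print("card dump, safe:        ", login_safe(db, DUMP_CARDS, "x"))
```

With the bypass payload the concatenated statement becomes `... WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row, so the vulnerable function returns all users while the parameterised one returns nothing. The second payload shows why card data is at risk: a `UNION` smuggled in through the login field returns the `card_number` column instead of user names, and the trailing `--` comments out the rest of the original statement.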

Albert Gonzalez and others are alleged to have used this technique after researching the victims' payment processing systems.

I asked RSA security expert Uri Rivner by email how the attackers would have used it to get such a large number of card numbers.

He said: “The SQL self-expanding botnet was a stroke of breakthrough creativity, and I’d say its timing was just right for the fraud community.

“In the past couple of years, Trojans - once the tools of the very savvy high end of cyber crime - have become cheaper and easier to use, but there was one thing missing: scale.

“In order to really capitalise on Trojan technology, fraudsters had to look for ways to distribute their malware to a huge number of victims.”

He said that criminals now had the scalability they needed, and gave the example of a mammoth phishing operation called RockPhish that changed tactics and migrated to Asprox, a SQL injection botnet.
