SQL injection botnets now used for large-scale fraud
By Asavin Wattanajantra in Editorial
Posted in botnet, fraud, RSA on
In my last blog I wrote about how SQL injection attacks were used in the case in America where 130 million debit and credit card details were stolen.
To make things a little bit more clearer, SQL injection attacks are where an hacker attacks the database of a website and executes unauthorised commands by taking advantage of insecure code.
Albert Gonzales and others were alleged to have used this technique after researching their payment processing systems.
I asked RSA security expert Uri Rivner by email about how they would have used it to get such a large number of card numbers.
He said: “The SQL self-expanding botnet was a stroke of breakthrough creativity, and I’d say its timing was just right for the fraud community.
“In the past couple of years, Trojans - once the tools of the very savvy high end of cyber crime - have become cheaper and easier to use, but there was one thing missing: scale.
“In order to really capitalise on Trojan technology, fraudsters had to look for ways to distribute their malware to a huge amount of victims.”
He said that criminals now had the scalability they needed, and used the example of a mammoth phishing operation called RockPhish that had a change of heart and migrated to Asprox - an SQL injection botnet.
Tag cloud
Most commented posts
- Ten reasons why people are leaving MySpace
42 comments
- My Michael Jackson blog post
- Ten reasons why World of Warcraft is better than Second Life
- Facebook user arrested for poking somebody
- What should the staff writer have as his smartphone?
- Twitter didn't actually get hacked - Google did
- Microsoft sues firm for instant messaging spam
- Joining the sheep - I'm getting an iPhone
- Beware of hacked Facebook applications
- Reporting internet child abuse
Highest Rated Blog Posts
- Ten tips to avoid your satnav driving you over a cliff (100%)
- Does unfiltered internet 'disturb children'? (100%)
- The brain-controlled laptop computer (100%)
- Why Twitter is a better news tool than Digg (100%)
- Apple and its obsession with secrecy (100%)
- Twitter isn't for teenagers? It's common sense. (100%)
- Farming and becoming a Godfather with Facebook (100%)
- Orange and the iPhone - competition is a good thing (100%)
- Bendy phones straight out of the future (93.4%)
- How Pirate Bay sticks two fingers up at the industry (80%)

