Skip to navigation
   
Asavin Wattanajantra's Blog
RSS

SQL injection botnets now used for large-scale fraud

By Asavin Wattanajantra in Editorial

Posted in botnet, fraud, RSA on August 20, 2009 at 2:10 pm

Permalink | Author Profile

In my last blog I wrote about how SQL injection attacks were used in the case in America where 130 million debit and credit card details were stolen.

To make things a little bit more clearer, SQL injection attacks are where an hacker attacks the database of a website and executes unauthorised commands by taking advantage of insecure code.

Albert Gonzales and others were alleged to have used this technique after researching their payment processing systems.

I asked RSA security expert Uri Rivner by email about how they would have used it to get such a large number of card numbers.

He said: “The SQL self-expanding botnet was a stroke of breakthrough creativity, and I’d say its timing was just right for the fraud community.

“In the past couple of years, Trojans - once the tools of the very savvy high end of cyber crime - have become cheaper and easier to use, but there was one thing missing: scale.

“In order to really capitalise on Trojan technology, fraudsters had to look for ways to distribute their malware to a huge amount of victims.”

He said that criminals now had the scalability they needed, and used the example of a mammoth phishing operation called RockPhish that had a change of heart and migrated to Asprox - an SQL injection botnet.

12345
Not yet rated
Loading ... Loading ...

 

   
Tag cloud

crime BlackBerry nokia Mozilla Farmville funny Steve Jobs worm tool Google Maps brainwaves Digg medials human clones replies flaw Republicans Wherecloud spam mobile filters ducks opinion Dark Market Transformers ID cards update hatred YouTube science IT PRO swear words hackers Black Hat Second Life IM hype Twitter hacking satnav crime map Google pride Fraud alibi PR James Bond Friendfeed privacy future Apple death uSwitch social media phone David Blunkett DNSSEC vote teenagers Olympics offline eBooks cybercrime top ten tips Kaminsky Flurry Facebook Beijing tech smartphone trend micro pirate Star Trek Microsoft staff government MMORPG feed Cisco surveillance Mario Sophos malware ASA Kindle research Sonic robots Google brain virtual worlds bendy illegal morph Sega status instant messaging SQL injection RSS Amazon poking Bill Gates paranoia news Scrabble streaming legal university of portsmouth flexible working fun growth Daily Mail journalism video pod casting Twitpocalypse phishing video games sightings credit card data remote working control Christmas Google Reader downloading sony playstation Nintendo Sega Sinclair Spectrum gaming Mario Sonic unlimited World of Warcraft Mafia Wars ENISA website Firefox multimedia fire DNS Clampi Pirate Bay iPhone Nintendo internet cyber crime Terminator rickrolling RPG Spotify alcohol hack password flashmob Hitwise broadband FBI browser NHS BERTI Klingon Lewis hamilton app software murder old school Google Street View traffic music military lapto data breaches Digital Britain kill
Advertisement

   
Archives

   
Most commented posts

   
Highest Rated Blog Posts

Advertisement