SQL injection botnets now used for large-scale fraud
By Asavin Wattanajantra in Editorial
Posted in botnet, fraud, RSA on
In my last blog I wrote about how SQL injection attacks were used in the case in America where 130 million debit and credit card details were stolen.
To make things a little clearer, SQL injection attacks are where a hacker attacks the database of a website and executes unauthorised commands by taking advantage of insecure code.
Albert Gonzalez and others were alleged to have used this technique after researching their payment processing systems.
I asked RSA security expert Uri Rivner by email about how they would have used it to get such a large number of card numbers.
He said: “The SQL self-expanding botnet was a stroke of breakthrough creativity, and I’d say its timing was just right for the fraud community.
“In the past couple of years, Trojans - once the tools of the very savvy high end of cyber crime - have become cheaper and easier to use, but there was one thing missing: scale.
“In order to really capitalise on Trojan technology, fraudsters had to look for ways to distribute their malware to a huge amount of victims.”
He said that criminals now had the scalability they needed, and used the example of a mammoth phishing operation called RockPhish that had a change of heart and migrated to Asprox - an SQL injection botnet.
Meeting EMC and RSA in Las Vegas (and watching the Goo Goo Dolls)
By Asavin Wattanajantra in Editorial
Posted in EMC, RSA, las vegas, Security on
Ah the press trip. The journalist’s reward for crap pay and long hours. And how about it - I’m going to Sin City tomorrow.
I’m covering the huge EMC World Conference in Mandalay Bay, so I’ll be hearing guys like Joe Tucci talking about storage for EMC and, more interestingly for me thanks to my security beat, Arthur Coviello talking about the security aspects for RSA.


