Timeline: Outbreak! - The rise of the SQL infection

IT PRO has been watching and charting the progress of what is one of the biggest and most high profile web security threats of this year - the SQL injection.

The first six months of 2008 has seen a massive increase in SQL injection attacks, which can lead to legitimate websites we know and trust being compromised and infected with malware.

An SQL injection attack occurs when an attacker exploits weaknesses in the design of a website, gaining access and taking it over. Once in control of the database they will take data and add a malicious link. This usually takes the form of a drive-by download.

December 2006: Database attacks to increase in 2007

It was back at the end of 2006 when IT PRO first looked at the growing threat of the SQL injection attack. The chief executive of data security company Secerno Paul Davie predicted that by 2007, the SQL injection would become the number one attack vector on internet-facing systems.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

August 2007: Hackers deface UN website in protest

Around this time last year, there was an SQL injection attack which was more about vandalism rather than financial motivation, but nevertheless saw major potential for damage. At the time there was surprise that it affected such a high profile website, but as 2008 has seen it is now much more common for this to happen.

April 2008: Microsoft denies fault for massive SQL attack

Last April saw one of the most serious SQL injection attacks in history, with half a million web pages affected thanks to an automated attack taking advantage of website vulnerabilities. Microsoft themselves denied responsibility for the problem, but it did show the size of the possible threat as well at the potential for harm.

May 2008: Websites hit by silent love China attacks

Another 9,000 Western websites were compromised thanks to an attack believed to have been launched from China. The attacks took advantage of Real Player and Internet Explorer vulnerabilities to inject an iframe which loaded malicious content in this case a password stealing Trojan.

Advertisement - Article continues below

July 2008: NHS website affected by mass SQL Asprox' attack

IT PRO led with a story about an SQL injection attack caused by a Trojan toolkit called Asprox which worked by searching for Google pages which are ripe and vulnerable for an attack. Around a thousand websites were affected including many respectable and governmental organisations, included the official NHS website.

July 2008: One infected webpage every five seconds during 2008

The latest Sophos report showed very little hope of a solution to the increase in SQL attacks, confirming that SQL injection is one of the most dominant malware trends of 2008. The biggest problem was that many websites were not coded properly, and this was the vulnerability that allowed trusted places to get hit. Sophos claimed that the problem would only get worse in the next six months, and warned businesses to keep a close eye in keeping their online presences clean.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

23 Dec 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/public-sector/354608/uk-gov-launches-ps300000-sen-edtech-initiative
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020