7/17/2008
07:00 AM
Report: Web-Borne Malware Up 278% This Year

SQL injection attacks dominate first half of '08, and cross-site scripting (XSS) doesn't even make the list

The multiple waves of mass SQL injection attacks this year on Websites -- including many high-profile legitimate ones like Wal-Mart, Business Week, and Ralph Lauren Home -- helped boost Web-borne malware volumes by 278 percent in the first half of this year, according to a new report from ScanSafe.

More than half of the malware detected by the Web security-as-a-service provider came from legit Websites rather than from notoriously scary or sketchy ones. And many of these Web attacks are silent and so tough to detect that many site operators have no clue their sites are lethal, and users often get infected without ever knowing it, according to the report.

SQL injection is the attack method of choice, too. In June, 76 percent of Website compromises were due to SQL injection attacks, followed by PHP includes (12 percent), so-called long-tail attacks that are engineered with stolen FTP credentials (7 percent), and others (5 percent).

What about the most pervasive Web vulnerability, cross-site scripting (XSS)? “It’s certainly possible that XSS in some cases could be used to launch an SQL injection attack,” says Mary Landesman, senior security researcher for ScanSafe. “But in general, the bulk of the 2008 SQL injection attacks appear to be the result of non-browser-based automated tools -- not via browser-executed JavaScripts, which would be reflective of XSS,” for example.

Landesman notes that some would argue that the outcome of an SQL injection attack is basically a persistent/static XSS attack. “Using that argument, maliciously embedded iFrames (even if done via direct upload as a result of compromised FTP credentials) could also be described as an XSS attack. This gets down to a matter of semantics. I don’t personally subscribe to the end result being described as an XSS attack, but I can agree that, fundamentally, it has the same impact,” she says.

Most Web attacks try to install password-stealing malware and backdoor Trojans, which constituted about 4 percent of all malware detected by ScanSafe in January and, as of June, had climbed to 27 percent. Password stealers are often linked via IRC channels to the attacker, who then configures files that specify what data the password stealer should grab.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...