Nigella's site hacked by SQL injection

The website of celebrity cook Nigella Lawson has been hacked using a SQL injection attack. An attacker used a Structured Query Language (SQL) attack to add code to her website. This code then links visitors to the Nigella website to malware hosted on another website. The attack was created using the Asprox toolkit, which is widely distributed by hackers. Researchers at ScanSafe first detected the attack on 14th July.

Visitors to the Nigella site could potentially have an infected computer. With the malicious code in place, users would be silently directed from the website to a backdoor which could potentially download Trojans, password stealers and various other types of spam.

SQL injection attacks have become the most common form of website compromise. High-profile websites should realise that they are an appealing target for these cyber criminals due to the high volume of visitors to the sites.

Finjan, a rival of ScanSafe, has reported that during the month of May it detected 1,000 other sites infected by the Asprox toolkit. Sites identified by Finjan include:

* atdmt.com, which Microsoft plans to acquire as part of Microsoft's Advertiser and Publisher Solutions Group

How does the toolkit work?

The attack toolkit first searches Google for webpages which have the .asp file extension. It then launches SQL injection attacks to append a reference to a file using the script tag, which makes it a highly dangerous tool.

Microsoft has released a tool for scanning your ASP and ASPX code and identifying SQL injection vulnerabilities. The tool can be downloaded from the Microsoft support site, ref KB-954476. HP has also released a free version of its web security auditing tool specifically to check for SQL injection. Named 'Scrawlr', the tool can be downloaded from the HP community website.
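
Because the toolkit appends a script tag to content stored in the database, a site owner can check text columns for script references that load from hosts the site does not use. The following Python is an added example, not code from the article or from the Microsoft or HP tools; the row layout, the allowlist and the `.example` hosts are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Matches <script ... src=...> with a quoted or unquoted attribute value.
SCRIPT_SRC = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*(?:\"([^\"]*)\"|'([^']*)'|([^\s>]+))",
    re.IGNORECASE,
)

def external_script_hosts(value, allowed_hosts):
    """Return hosts of script tags in `value` that are not on the allowlist."""
    hosts = []
    for m in SCRIPT_SRC.finditer(value or ""):
        src = next(g for g in m.groups() if g is not None).strip()
        # hostname is None for relative (same-site) paths; protocol-relative
        # URLs such as //host/x.js still yield a host and are checked.
        host = urlparse(src).hostname
        if host and host not in allowed_hosts:
            hosts.append(host)
    return hosts

def scan_rows(rows, allowed_hosts):
    """rows: iterable of (table, primary_key, column, value) tuples,
    e.g. exported from every text column of the site's database."""
    findings = []
    for table, pk, column, value in rows:
        for host in external_script_hosts(value, allowed_hosts):
            findings.append((table, pk, column, host))
    return findings

# Constructed sample data: one clean row, one row with an appended
# off-site script reference, one same-site script, one allowlisted host.
SAMPLE_ROWS = [
    ("recipes", 1, "title", "Chocolate cake"),
    ("recipes", 2, "title",
     'Lemon tart<script src="http://injected.example/b.js"></script>'),
    ("pages", 7, "body", '<p>Hi</p><script src="/js/site.js"></script>'),
    ("pages", 8, "body", "<p>Ad</p><SCRIPT SRC=//cdn.example/a.js></SCRIPT>"),
]
ALLOWED_HOSTS = {"cdn.example"}  # hosts the site legitimately loads from

if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS, ALLOWED_HOSTS):
        print("unexpected script host: %s.%s (pk=%s) -> %s" % (
            finding[0], finding[2], finding[1], finding[3]))
```

A hit in a column that should never contain markup, such as a title, is a strong sign that the stored data was modified and that the query writing to that column needs fixing as well as the data cleaning.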

