June Round up

Other than the continuing growth in volume (up to 20,000 malware samples a day!) the main issue for the past month or so is the vast numbers of websites compromised with SQL inject attacks.

Using search engines such as Google, attackers can identify and then attack vulnerable machines. The purpose of the attack is to insert malicious code into the database that is then used to create web pages. When users visit those pages, the browser is directed to a website hosting malware in the background. Vulnerabilities in an unpatched browser are then used to install the malware on the victim’s machines.

These attacks are widespread and are not just affecting small companies and personal websites, but large organisations as well, including well known brand names.
The impact is two fold, firstly of course are the users that end up having malware installed; the second victim is the reputation of the company that has been compromised.

All of this highlights the continuing need for vigilance, not just on the part of end users, but also on web site providers, whether corporate or service providers, to ensure that all applications and operating systems are patched and kept up to date.

To learn more about the scope of SQL injection attacks visit.

SQL Sorcery
Scramble! Scramble! SQL injection – time for an alert?
SQL attacks: now using .MOBI domains and installing scareware
Sony PlayStation site succumbs to SQL attack