A fresh round of attacks aimed at
hiding malicious code on legitimate websites this week has
prompted warnings to companies to check the vulnerability of their
webservers.
The proportion of attacks carried out by injecting code based on
the database query language SQL has jumped to 59% from record
levels of 46% of blocked code in May, according to security
supplier Scansafe.
Research has shown the vast majority of websites are vulnerable
to SQL injection, said Steve Moyle, chief technology officer at
security firm Secerno.
Scansafe said only 2% of the SQL-injection-style attacks can be
detected using traditional signature-based methods.
Moyle said the only way to prevent these kinds of attacks is to
specifically block SQL injections, which are designed to get past
signature-detection methods.
Charlie Abrahams, EMEA vice-president for trademark monitoring
firm Markmonitor, said companies need to use a holistic approach to
stay ahead of criminals.
Earlier this month, Scansafe said more than two-thirds of
web-based malware is now found on
legitimate websites for organisations including Wal-Mart in the
US and the Royal Statistical Society in the UK.
Mary Landesman, senior security researcher at Scansafe, said the
security firm had seen a 121% increase in the number of malware
attacks this week.
She said the number of malicious networks was continuing to
increase with 54 different ones being recorded in the first 11 days
of June.
According to Landesman, many of the networks are previously
suspended domains that have been released with the result that some
of those involved in the late May and early June attacks are now
active again.
"Not only newly compromised sites are foisting the malware, but
any sites previously compromised that have not cleaned up their
pages and properly formatted their SQL queries will now once again
be serving as conveyor belts for password stealing trojans,"
Landesman said in her
blog.