SQL Attacks

by Abubaker D

So my article is talking about Malware that are installed on people’s computers through Web Paging. Lately, there have been a large number of internet sites that have been compromised by SQL injection attacks. What happens is simple; the attack modifies the databases used by the sites so that they redirect the user to other sites that could serve them Malware. The attack is known as “Lizamoon”. Cisco Scansafe reports that Lizamoon has been part of an ongoing series of attacks they have been following for 7 months. In that time they observed 42 malware domains used in the attack. They claim the attacks have a high failure rate. What happens in the attack is that it installs a rogue Anti-Virus named Windows Satiability Center. The program reports problems on the computer and asks for payment for the “full version” to fix them.

This article is related to our class because it’s dealing with SQL injection attacks. I thought it would be helpful for students to know about this because it’s important to stay up to date with the different types of Malware that are out there and with types of SQL related attacks since we will be dealing with databases sooner or later in our work field.

I never thought that these Malware programs use SQL injection attacks to install those fake programs on a person’s computer. SQL is just really powerful. The more I read about it, the more I understand how it’s managed and used in the industry.

Larry Seltzer (2011). Many Web Sites Compromised in Attack, Serving Malware. Retrieved from http://securitywatch.pcmag.com/google/283529-many-web-sites-compromised-in-attack-serving-malware