Security firm ScanSafe reported an automated attack using SQL injection has compromised tens of thousands of Web pages. The attack is conducting trough program that tries to upload a data-stealing Trojan horse program to visitors' computers.That Trojans include key logging (noting the keys struck on a keyboard) functionality, and are poorly recognized by most security software. Mary Landesman, security researcher for ScanSafe, says that SQL injection attacks are the most commonly observed compromise vector. Those kinds of attack become more popular in recent years. Last week, a federal indictment of a data thief in US stated that all victims (including Heartland Payment Systems and Hannaford Bros.) had initially been compromised through an SQL injection attack. Web attacks have been growing at the rate of 1 percent per day over the past year, with over half of all observed attacks the result of SQL injection. In 2008, about 20 percent of the 5,600 vulnerabilities entered into the NVD database (National Vulnerability Database) were related to SQL injection, according to the service's statistics page. The original new can be found on SecurityFocus website.
