ScanSafe

Client Login | International Users
Search


Podcast: SQL Injections Continues

ScanSafe, the pioneer and leading provider of SaaS (Software-as-a-Service) Web Security, reported that Nigella Lawson, the legendry British cook, has had her website (nigella.com) hacked by the increasingly dangerous SQL injection attacks.

In this instance an attacker has used a Structured Query Language (SQL) attack to add code to the website which then links to malware hosted on the Asprox fast flux network.

ScanSafe’s 24/7 scanners first detected the attack three days ago (14 July 2008). Anyone who has visited the site in this time period could potentially have an infected computer. Users would be silently directed from the website to a backdoor which could potentially download Trojans, password stealers and various other types of spam. This is putting the data of these users at extreme risk.

ScanSafe suggests that concerned Web surfers run their anti-virus scanning to ensure they have not been a victim of this attack.

Eldar Tuvey, CEO at ScanSafe comments “SQL injection attacks have become the most common form of website compromise, outpacing all other types of compromise by 212 percent. High profile websites such as Nigella Lawson’s must realise that they are becoming an appealing target for these cyber criminals.”

Tuvey continues “The compromise of legitimate and trusted websites has contributed to a 278 percent increase in Web-based malware for the first half of the year.”

ScanSafe has already protected 7 different companies from being infected by this website. ScanSafe has notified the website and is liaising with them to resolve this issue.