SQLProNews This is an iEntry Publication









Lizamoon SQL Injection Attack Downgraded

By Doug Caverly
Staff Writer
Article Date: 2011-04-05

Late last month, reports began to circulate about a large-scale SQL injection attack known as Lizamoon, and early figures made it look quite dangerous. Now, fortunately, a different method of measurement has indicated the threat isn't as serious as first thought.

To start at the beginning: a post on Websense's Security Labs Blog more or less set things off by stating on March 29th, "The LizaMoon mass-injection is a SQL injection attack that inserts the following line into the code of the page: According to a Google Search, over 226,000 URLs have been compromised."

However, Niels Provos, an engineer at Google, arrived at a different count this Sunday.

Provos explained, "For this analysis, I counted the sites that had a functioning reference to it, e.g. a script src=. Sites that escaped the script tag rendering it harmless were not counted. For Lizamoon, I aggregated the sites provided by the websense blog into a single measure . . ."

Then Provos stated, "The Lizamoon campaign started around September 2010 and actually peaked in October 2010 with ~5600 infected sites."
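The gap between the two figures comes from what is being counted: a search hit only shows that the injected string appears in a page, while Provos counted pages where it is a functioning script reference. The following Python sketch is an added example, not code from Provos, Google, or Websense; the host `injected.example` and the sample pages are constructed placeholders, since the article does not reproduce the injected line.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

INJECTED_HOST = "injected.example"  # placeholder; the article does not name the host


class LiveScriptFinder(HTMLParser):
    """Sets .live when a parsed <script> element loads from the given host."""

    def __init__(self, host):
        super().__init__()
        self.host = host
        self.live = False

    def handle_starttag(self, tag, attrs):
        # Only real elements reach this callback; entity-escaped markup and
        # HTML comments are delivered as text or comments instead.
        if tag == "script":
            src = dict(attrs).get("src") or ""
            if (urlparse(src).hostname or "").lower() == self.host:
                self.live = True


def classify(html, host=INJECTED_HOST):
    """Label one page: functioning reference, harmless mention, or clean."""
    finder = LiveScriptFinder(host)
    finder.feed(html)
    finder.close()
    if finder.live:
        return "functioning"
    return "harmless" if host in html.lower() else "clean"


def measure(pages, host=INJECTED_HOST):
    """Return (text hits, functioning references) over a dict of name -> HTML."""
    labels = [classify(html, host) for html in pages.values()]
    return len(labels) - labels.count("clean"), labels.count("functioning")


# Constructed sample pages, not taken from any real site.
SAMPLE = {
    "live": '<title>Shop</title><script src="http://injected.example/x.js"></script>',
    "live_mixed_case": '<SCRIPT SRC="//INJECTED.EXAMPLE/x.js"></SCRIPT>',
    "escaped": "<h1>Shop&lt;script src=http://injected.example/x.js&gt;</h1>",
    "commented": '<!-- <script src="http://injected.example/x.js"></script> -->',
    "clean": '<script src="/static/app.js"></script>',
}
```

On the constructed sample, `measure(SAMPLE)` reports four pages that a text search would flag but only two with a script reference a browser would actually load.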

So although Lizamoon is apparently enjoying a revival of sorts, SQL experts should take some comfort in the fact that it's probably not the omnipresent virtual plague many people thought it to be. That should mean SQL's now at less risk of having its reputation damaged due to an association with hackers.


About the Author:
Doug is a staff writer for WebProNews. Visit WebProNews for the latest eBusiness news.



