Report: Web-Borne Malware Up 278% This Year

SQL injection attacks dominate first half of '08, and cross-site scripting (XSS) doesn't even make the list

Dark Reading Staff, Dark Reading

July 17, 2008

2 Min Read
Dark Reading logo in a gray background | Dark Reading

The multiple waves of mass SQL injection attacks this year on Websites -- including many high-profile legitimate ones like Wal-Mart, Business Week, and Ralph Lauren Home -- helped boost Web-borne malware volumes by 278 percent in the first half of this year, according to a new report from ScanSafe.

More than half of the malware detected by the Web security-as-a-service provider came from legit Websites rather than from notoriously scary or sketchy ones. And many of these Web attacks are silent and so tough to detect that many site operators have no clue their sites are lethal, and users often get infected without ever knowing it, according to the report.

SQL injection is the attack method of choice, too. In June, 76 percent of Website compromises were due to SQL injection attacks, followed by PHP includes (12 percent), so-called long-tail attacks that are engineered with stolen FTP credentials (7 percent), and others (5 percent). What about the most pervasive Web vulnerability, cross-site scripting (XSS)? “It’s certainly possible that XSS in some cases could be used to launch an SQL injection attack,” says Mary Landesman, senior security researcher for ScanSafe. “But in general, the bulk of the 2008 SQL injection attacks appear to be the result of non-browser-based automated tools -- not via browser-executed JavaScripts, which would be reflective of XSS,” for example. Landesman notes that some would argue that the outcome of an SQL injection attack is basically a persistent/static XSS attack. “Using that argument, maliciously embedded iFrames (even if done via direct upload as a result of compromised FTP credentials) could also be described as an XSS attack. This gets down to a matter of semantics. I don’t personally subscribe to the end result being described as an XSS attack, but I can agree that, fundamentally, it has the same impact,” she says. Most Web attacks try to install password-stealing malware and backdoor Trojans, which constituted about 4 percent of all malware detected by ScanSafe in January and, as of June, had climbed to 27 percent. Password stealers are often linked via IRC channels to the attacker, which then configures files that order what data the password stealer should grab.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Read more about:

2008

About the Author

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Pegasus Spyware concept with binary code background
Endpoint Security
WhatsApp: NSO Group Operates Pegasus Spyware for CustomersWhatsApp: NSO Group Operates Pegasus Spyware for Customers
byJai Vijayan, Contributing Writer
Nov 18, 2024
4 Min Read
Laptop with Palo Alto networks logo
Cyberattacks & Data Breaches
Palo Alto Networks Patches Critical Zero-Day Firewall BugPalo Alto Networks Patches Critical Zero-Day Firewall Bug
byBecky Bracken, Senior Editor, Dark Reading
Nov 18, 2024
3 Min Read
ChatGPT, typed out on a screen
Сloud Security
ChatGPT Exposes Its Instructions, Knowledge & OS FilesChatGPT Exposes Its Instructions, Knowledge & OS Files
byNate Nelson, Contributing Writer
Nov 15, 2024
4 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events