Devastating SQL attack compromises 50,000 sites

A new SQL injection attack has already snared over 50,000 legitimate web sites, and threatens to cause havoc for innocent internet users, according to new research from ScanSafe.

The security-as-a-service firm said in a blog post that it first detected the problem on Friday.

The attack exploits poor coding to insert a malicious iframe on the sites. When visited by a user, an infected site will begin to download what ScanSafe senior security researcher Mary Landesman described as "a potent Trojan cocktail consisting of backdoors, password stealers and a downloader".

The number of infected sites now stands at around 57,000, having jumped by around 9,000 in the past few days.

"These are smaller business sites which unfortunately don't have the aggressive support staff of their larger cousins but, when taken collectively, get very good traffic," she said.

Landesman advised firms to look for information on how to prevent such attacks on the web, where there are even scanning tools to help detect whether there are malicious iframes on a site.

"There is a great deal of information available to small web site operators. It's not something you need to hire expensive consultants to help with. If you've got moderate computer skills and can read and follow instructions, that should be enough, at least in terms of SQL injection attacks."

Microsoft's Developer Network has a useful article called Stop SQL Injection Attacks Before They Stop You.