A new SQL injection attack has already snared over 50,000 legitimate web sites, and threatens to cause havoc for innocent internet users, according to new research from ScanSafe.
The security-as-a-service firm said in a blog post that it first detected the problem on Friday.
The attack exploits poor coding to insert a malicious iframe on the sites. When visited by a user, an infected site will begin to download what ScanSafe senior security researcher Mary Landesman described as "a potent Trojan cocktail consisting of backdoors, password stealers and a downloader".
The number of infected sites now stands at around 57,000, having jumped by around 9,000 in the past few days.
"These are smaller business sites which unfortunately don't have the aggressive support staff of their larger cousins but, when taken collectively, get very good traffic," she said.
Landesman advised firms to look for information on how to prevent such attacks on the web, where there are even scanning tools to help detect whether there are malicious iframes on a site.
"There is a great deal of information available to small web site operators. It's not something you need to hire expensive consultants to help with. If you've got moderate computer skills and can read and follow instructions, that should be enough, at least in terms of SQL injection attacks."
Microsoft's Developer Network has a useful article called Stop SQL Injection Attacks Before They Stop You.
Devastating SQL attack compromises 50,000 sites
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
The next generation of Cloud-iQ: A platform built for the reality of running a modern reseller business
Building higher tier service offerings with cost-effective, proactive monitoring
Promoted Content
Jabra launches PanaCast U30 video bar for easier BYOD meetings
Promoted Content
Kris Manché, Panel Expert at Index Brisbane
In the memory market that AI just broke, here’s what you must do now




