September, 2008
Resolved 3 website security breaches called a “SQL Injection” attack
Recently we resolved 3 website security breaches of a kind called a “SQL injection” attack. A “SQL injection” attack exploits a security vulnerability in the way a website interacts with its underlying database, and is used to corrupt the database.
Symptoms:
When attempting to access the affected website, you will be unable to view a complete version of the home page. After a lengthy delay in attempting to load the home page, you should receive a warning from Symantec Auto-Protect [see screenshot below], which indicated that the site was attempting to install a “Trojan horse”-type virus on the computer with which I was browsing the site. [You can see the details of the threat here on Symantec’s web site.]
A closer look at the source for the home page—as viewed from the workstation with which I attempted to access the site—reveals the following references to external JavaScript files [see text below in red], which were presumably either (a) inserted into the source files stored on the web server, or (b) dynamically injected into the content stream being delivered from the website to the requesting computer.
Resolution:
We have very recently [that is, within the past two weeks] been working with three companies who have experienced a nearly identical attack, and—because the attack impacts the content of the database, rather than directly modifying the pages on the web server itself—rolling back the front-end code to a previous version [as your ISP has attempted to do] will not resolve the problem, as this code has not been directly modified by the hack. Instead, resolving this issue requires that (a) the database be cleansed of the injected content, and (b) the original vulnerability be closed [either by modifying the front-end code, revising the database access logic, updating the security of the database itself, or a combination of these techniques].
In any event, this is certainly something that you will want to investigate immediately, and I would recommend that you forward this message to your webmaster [and/or any third-party providers of web site development or web hosting with whom your firm works] to apprise them that the site appears to have been compromised.
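The two resolution steps above, sketched as an added example that is not code from any of the affected sites: step (a) finds and strips external script references from database text, and step (b) replaces a concatenated query with a parameterized one. The `pages` table, its columns, the sample rows, and the `injected.example` host are all constructed for illustration, and SQLite stands in for whatever database the site actually uses.

```python
import re
import sqlite3

# Matches a <script> tag that loads code from an external http(s) URL.
SCRIPT_TAG = re.compile(r'<script[^>]*\bsrc\s*=\s*["\']?https?://[^>]*>\s*</script>', re.I)

def make_db():
    """Constructed sample data: one clean row, one row with an appended script tag."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO pages (title, body) VALUES (?, ?)", [
        ("Home", "Welcome to our site."),
        ("News", 'Latest updates.<script src="http://injected.example/x.js"></script>'),
    ])
    return conn

def find_injected(conn):
    """Step (a), detection: (id, column) for each text value holding an external script tag."""
    hits = []
    for row_id, title, body in conn.execute("SELECT id, title, body FROM pages"):
        for col, value in (("title", title), ("body", body)):
            if value and SCRIPT_TAG.search(value):
                hits.append((row_id, col))
    return hits

def cleanse(conn):
    """Step (a), cleanup: strip the tags in place; return how many values were changed."""
    hits = find_injected(conn)
    for row_id, col in hits:
        # col comes from the fixed tuple in find_injected, never from user input.
        (value,) = conn.execute(f"SELECT {col} FROM pages WHERE id = ?", (row_id,)).fetchone()
        conn.execute(f"UPDATE pages SET {col} = ? WHERE id = ?",
                     (SCRIPT_TAG.sub("", value), row_id))
    conn.commit()
    return len(hits)

def lookup_concatenated(conn, title):
    """The vulnerable pattern: user input pasted into the SQL text."""
    return conn.execute("SELECT id FROM pages WHERE title = '" + title + "'").fetchall()

def lookup_parameterized(conn, title):
    """Step (b): the value is bound as data and cannot change the statement."""
    return conn.execute("SELECT id FROM pages WHERE title = ?", (title,)).fetchall()
```

Run the detection pass against a copy of the database first and review the hits before cleansing, since a site may legitimately store external script tags in some columns.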
Protection/Prevention:
Resource Websites: http://virtualizationreview.com/news/article.aspx?editorialsid=10141