Imperva says new SQL injection attacks from China are 'unique'

(PresseBox) ( Redwood Shores, CA, )
Imperva, the data security specialist, has said the mass SQL injection attack infecting hundreds of thousands of web sites show some unique characteristics, as all the attacks stem from China.

"We have been tracking this specific attack for the past 4 weeks and all the IP addresses that the automated attacks have come from are based in China. This is something unique, as usually attacks of this nature come from infected BOT PCs based all over the world rather than in one country. The SQL injection attack vector us in the attack is by itself quite standard and has been in common usage for the past 18 months. Any descent Web Application Firewall should be able to detect it" said Amichai Shulman, Imperva's chief technology officer.

The Imperva CTO continued: "We are seeing a constant flow of attacks aimed at drive-by-download. Just in the past two month we have seen 3 different strands of such attack campaigns. In this latest wave we have recorded the attack coming from more than 60 servers based in China attacking sites around the world, rather than the global network typically seen in such attacks. Interestingly enough, 4 weeks into this attack campaign the malware distribution servers are still up and running.

The attack targets innocent visitors of the sites that have been hit, as it injects malicious IFRAME into these sites. Thus visitors are unknowingly downloading malware from China based servers while visiting such an infected site. Once infected by this malware, a user's computer becomes a Zombie in a BOTNET that will later be used to distribute spam, participate in coordinated DDoS attacks or simply by used for extracting personal access credentials to other sites.

The Imperva CTO said that this type of SQL injection is one of the top five most popular attacks used by malicious hackers today and Enterprises should take appropriate external (web application firewall) and internal (code changes) to prevent their web servers becoming a source for distributing malware for cyber criminals.

Advice for enterprises:

- use application firewalls to protect themselves from infection
- use scanners and other tools to find and remove vulnerabilities in their website code
- ensure all application patches are implemented

Advice for individuals:

- ensure all browser updates are implemented immediately
- use the best technology to protect web browsing based on behavioural real-time technology
- implement all security signatures as soon as they are available

For further insight into the attacks, go to Amichai Shulman’s blog at:

For more on Imperva:
Für die oben stehenden Pressemitteilungen, das angezeigte Event bzw. das Stellenangebot sowie für das angezeigte Bild- und Tonmaterial ist allein der jeweils angegebene Herausgeber (siehe Firmeninfo bei Klick auf Bild/Meldungstitel oder Firmeninfo rechte Spalte) verantwortlich. Dieser ist in der Regel auch Urheber der Pressetexte sowie der angehängten Bild-, Ton- und Informationsmaterialien.
Die Nutzung von hier veröffentlichten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Bei Veröffentlichung senden Sie bitte ein Belegexemplar an