SQL Injection attack affected 200,000 ASP.Net sites

Hackers launched a successful SQL Injection attack that targets websites built using Microsoft’s ASP.Net platform and according to security researchers, around 180,000 sites have been affected.  The hackers planted malicious JavaScript on ASP.Net sites which caused the browsers to load an iframe using a remote site and attempt to load malware onto the individual’s computer without them knowing by using browser drive-by exploits.  With these exploits the person doesn’t need to open any files or click on anything for their computer to become infected.  The attackers are using known exploits which means that there are patches available so as long as anyone who visits the site is using a newer updated browser will not be affected and only those who are using outdated browsers that are unpatched can become infected.  Researchers at Armorize said that only a handful of antivirus programs are able to detect the malware that is loaded onto a computer during one of these drive-by exploits.  Microsoft has offered information on how to protect against SQL injection attacks and said that “any procedure that constructs SQL statements should be reviewed for injected vulnerabilities because SQL Server will execute all syntactically valid queries that it receives.”  Although this attack has affected almost 200,000 sites, as long as you use an up to date browser with all the patches and the latest version of Adobe PDF, Adobe Flash, or Java you should be fine.



One thought on “SQL Injection attack affected 200,000 ASP.Net sites

Comments are closed.