More than 100,000 websites — including newspapers, police departments and other large institutions — have been poisoned by attacks from a Chinese IP address. These attacks spotlight major security flaws on websites that are not properly tested for simple coding errors.
The victimized sites — like those belonging to The Wall Street Journal and The Jerusalem Post — were infected using SQL injection attacks. Experienced hackers manipulated each site’s search or log-in bar to access the underlying code, making the legitimate pages redirect users to robint.us, where JavaScript applications attempted to infect PCs with malware.
Robint.us has since been disabled.
Thankfully, web developers and testers can easily identify and fix SQL injection vulnerabilities with proper coding.
For example, integration testing is an effective way to check for SQL injection problems. After developing a web application, don’t just test it as an isolated unit. Instead, integrate it into your site and then test for coding flaws. To read more, check out this post by The Register.
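As an added illustration (not code from the original post or from any affected site), here is what such an integration test can look like for a search box: the handler is run against a real database, and inputs containing SQL syntax must behave like ordinary text. The `articles` table, the two `search_*` handlers and the probe strings are assumptions constructed for this example, using an in-memory SQLite database.

```python
import sqlite3

def make_db():
    """Constructed sample data: a small articles table in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles (title) VALUES (?)",
                   [("Council vote",), ("Weather",), ("Sports",)])
    db.commit()
    return db

def search_concat(db, term):
    """Vulnerable form: user input is pasted into the SQL text."""
    sql = "SELECT title FROM articles WHERE title LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]

def search_param(db, term):
    """Hardened form: input is bound as a parameter and never parsed as SQL."""
    sql = "SELECT title FROM articles WHERE title LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]

# Constructed test inputs. None of them matches a real title, so a correct
# handler must return no rows and raise no database error for each one.
PROBES = ["'", "x' OR 1=1 --", "x' OR 'a' LIKE 'a"]

def integration_check(search):
    """Run a search handler against the database; return the inputs that misbehave."""
    db = make_db()
    failures = []
    if search(db, "Weather") != ["Weather"]:
        failures.append(("Weather", "baseline search broken"))
    for probe in PROBES:
        try:
            rows = search(db, probe)
        except sqlite3.Error as exc:
            # A quote that breaks the statement shows input reached the SQL parser.
            failures.append((probe, "SQL error: %s" % exc))
            continue
        if rows:
            # Rows for a term that matches nothing means the WHERE clause was rewritten.
            failures.append((probe, "returned %d unexpected rows" % len(rows)))
    return failures

if __name__ == "__main__":
    for name, handler in (("concatenated", search_concat), ("parameterized", search_param)):
        print(name, integration_check(handler))
```

The concatenated handler fails on every probe, while the parameterized one passes all of them with no change to its normal search results.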
Sophos, the cyber security company, has identified the malware as Mal/Behav-290.