Skip to content

SQL Injection Redux

During my invited talk on web-based malware at USENIX Security, I mentioned SQL Injection as one of the more popular means of compromising web servers. Although I did not have a chance to post my slides, here is one graph that shows how many URLs with drive-by downloads due to SQL injection were found by Google's infrastructure in July 2008; it's over 800,000 URLs. Curiously, most of these were due to the Asprox botnet.

The situation has slightly changed since then, Asprox has become quiet and most of the SQL Injection attacks seem to originate from Chinese sites. One way to determine if a site has been injected with malicious content is the Safe Browsing diagnostic page which shows infection domains and also how many sites they compromised. Here is an example of a Chinese SQL injection domain,

To help web application developers, OWASP has published detailed guidelines on preventing SQL injection attacks. More importantly if your web site was SQL injected, its database needs to be cleaned to remove the injected content.
Categories: Malware, SpyBye
Defined tags for this entry: , , ,

LEET '09 Call for Papers

The CfP for the 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '09): Botnets, Spyware, Worms, and More is up at:

LEET '09 will be held on April 21, 2009 in Boston, MA immediately before the 6th USENIX Symposium on Networked Systems Design and Implementation (NSDI '09), which will take place April 22–24, 2009.

Important Dates
  • Submissions due: January 16, 2009, 11:59 p.m. EST
  • Notification of acceptance: March 2, 2009
  • Electronic files due: March 30, 2009

This will be the second edition of LEET, which had evolved from the combination of two other successful workshops, the ACM Workshop on Recurring Malcode (WORM) and the USENIX Workshop on Hot Topics in Understanding Botnets (HotBots). These two workshops have each dealt with aspects of this problem. However, while papers relating to both worms and botnets are explicitly solicited, LEET has a broader charter than its predecessors. We encourage submissions of papers that focus on any aspect of the underlying mechanisms used to compromise and control hosts, the large-scale "applications" being perpetrated upon this framework, or the social and economic networks driving these threats.
Categories: News, Security, Systrace
Defined tags for this entry: , , ,

Sargons Schatz on Amazon

Earlier this year, I published the fantasy novel my father wrote 15 years. This was an interesting experience, as I had to do editing, layout and printing all by myself. To make it a proper book, I even registered an ISBN number and was surprised to find out that this was not sufficient to make it appear on any of the online book stores. However, Amazon has a program that allows one to enter any item into their catalog for approximately $50/year. So, I joined Amazon Advantage and anyone can buy Sargons Schatz at Amazon now. As this is a German book published in an English speaking country, I don't expect many prospective buyers - we will see.
Categories: Hacking, News
Defined tags for this entry: ,