Friday, January 8, 2010

Sophisticated Banking Trojans

SQL injection attacks are increasing dramatically

A Trojan is traditionally a piece of software that the user has been tricked into installing. Once on the PC, it becomes a back door, letting the criminals steal information like passwords. But through SQL injection, the latest Trojans can be delivered to a PC from a legitimate website, without any action by the user. How?

Criminals usually inject a JavaScript redirector into a legitimate website. When a user visits that website, he is unknowingly redirected to the criminal's website, which locates a vulnerability in his browser that allows the download of the Trojan onto his PC.

SQL injection attacks have increased dramatically. According to the IBM X-Force Trend and Risk Report, they were seeing a few thousand SQL injection attacks a day last year, whereas now they see hundreds of thousands of these attacks each day.

These Trojan attacks are a threat to more than just banks and their customers. That's because any corporate website vulnerable to SQL injection can become a carrier of Trojans that then infect everyone who visits it. If your website is compromised by an SQL injection attack, then you end up putting your customers at risk.
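
A check a site owner can run against their own database, added here as an example and not part of the original post: it scans stored page content for `<script>` tags that load from hosts outside an allowlist. It assumes the injected redirector lands as a `<script src=...>` tag in a text column; the table, column, host names and sample rows are constructed for illustration.

```python
import sqlite3
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a fragment."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)

def foreign_script_hosts(html, allowed_hosts):
    """Return hosts of external scripts in html that are not allowlisted."""
    parser = ScriptSrcCollector()
    parser.feed(html or "")
    hosts = []
    for src in parser.sources:
        host = urlparse(src).hostname or ""  # relative URLs have no host
        if host and host not in allowed_hosts:
            hosts.append(host)
    return hosts

def scan_table(conn, table, key, column, allowed_hosts):
    """Return (row key, offending hosts) for rows with unexpected script tags."""
    # table/key/column are chosen by the operator, never taken from web input
    findings = []
    for row_key, value in conn.execute(f"SELECT {key}, {column} FROM {table}"):
        hosts = foreign_script_hosts(value, allowed_hosts)
        if hosts:
            findings.append((row_key, hosts))
    return findings

def build_sample_db():
    """Constructed sample data: one tampered row among legitimate ones."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, description TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", [
        (1, "Blue widget, 10 cm"),
        (2, 'Red widget<script src="http://redirector.example/a.js"></script>'),
        (3, '<script src="https://cdn.shop.example/ui.js"></script>Green widget'),
        (4, '<script src="/static/local.js"></script>'),
    ])
    return conn

ALLOWED = {"cdn.shop.example"}  # hosts the site legitimately loads scripts from
```

Calling `scan_table(build_sample_db(), "products", "id", "description", ALLOWED)` flags only row 2; a hit on a real database means the content was modified and the input path that wrote it needs review.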
