SQL injection attacks are increasing dramatically
A trojan is traditionally a piece of software that the user has been tricked into installing. Once on the PC, it becomes a back door, letting the criminals steal information like passwords. But through, SQL injection, the latest Trojans can be delivered to a PC from a legitimate website, without any action by the user. How?
Criminals usually inject a Java script redirector into a legitimate website. When a user visits that website, he is unknowingly redirected to the criminal's website, which locates a vulnerability in his browser that allows the download of the Trojan onto his PC.
SQL injection attacks have increased dramatically. According to IBM X-Force Trend and Risk Report, they were seeing a few thousand SQL injection attacks a day last year, whereas now they see hundreds of thousands of these attacks each day.
These Trojan attacks are a threat to more than just banks and their customers. That's because any corporate website vulnerable to SQL injection can become a carrier of Trojans than then infect everyone who visits it. If your website is compromised by an SQL injection attack, then you end up putting your customers at risk.