450,000 website hacks daily -
Robert Siciliano is a NextAdvisor.com Expert Guest Blogger
You could be surfing the net without care in the world, when you get a virus.
IBM Internet Security Systems 50% more web pages infected in the last quarter of 2008 compared to full year 2007.
discovered the infection is called a SQL injection . According to Wikipedia, a "SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer application."
In other words, SQL injection is a virus or a bug that affects an application that is not properly encrypted or secured. There are many different configurations of various software used to build and manage a website. An example would be the common WordPress blog platform that many use and was considered vulnerable. This 
is one of hundreds of applications that can be hacked in this way.
In 2005, a 3rd party late payment processor called CardSystems suffered a SQL injection, compromising a reported 40 million credit cards.
Since that time, criminal hackers have stepped up their efforts. SQL injections have changed in purpose and sophistication. Originally conceived as a tool to attack a base merchant data and steal data, the attack was reconfigured last summer to install viruses on users' computers that contain a remote control component.
Matt Chambers now IT Solutions said, "Web applications are one of the most outward facing components a corporation contains in its network design, and one of the least protected . applications typically take input information and send it to a database for storage and processing. We interact with these types of applications every day, whether a registration form or a login page for a favorite networking site. "
the attack on the user's PC is simple. This type of attack is often called a "drive-by" because sometimes all the user has to do is surf the site. Most attacks occur during common web tasks such as watching videos, listening to music or downloading files.
The unsuspecting PC user surfs an infected website and bam, the code is injected on their PC and they are infected. Their PC becomes part of a "botnet", which is a robot computer network specifically designed for piracy.
Bots, infected computers are also known as zombies. Zombies, as a result of SQL injection, usually have installed virus gives hackers control from anywhere in the world. The "botnet" may consist of computers 10, 10 000 or computers in the hundreds of thousands. Studies show that potentially are millions of zombies worldwide, many of botnets. 
Lax security practices by consumers and small businesses give scammers a base from which to launch attacks. Botnet hacker set up phishing sites targeting well known online brands. They send junk mail emails and install redirection services to transmit viruses, malware and keyloggers.
reportsUSA Today IBM Internet Security Systems blocked 5000 SQL injections every day in the first two quarters of 2008. By mid-year, the number had increased to 25,000 per day. In late fall, attacks climbed to 450,000 per day.
The key to protection against identity theft and prevent your computer from becoming a zombie is to engage each update for each browser and media player you use, keeping your system operational update and use of anti-virus software such as McAfee total protection. You should also consider a protection service against identity theft.
See the lecturer Robert Siciliano Identity Theft discuss SQL injections here.
Robert Siciliano is CEO of IDTheftSecurity.com, an expert on identity theft, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 and start-up companies as a consultant on product launches, branding, messaging, representation, SEO and media. the thoughts and advice of Siciliano on all these issues often appear in both television and print media news, including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of safety training as a member of the American Society for Industrial Security. He is the author of two books, including The Safety Minute: Living on high alert; How to take control of your personal safety and to prevent fraud . He also established a partnership with Uni-Ball to help raise awareness of the growing threat of identity theft and provide tips on how you can protect yourself.
0 comments:
Post a Comment