WWW security getting impossible
Traditional security systems may be ineffective and become obsolete in warding off Web attacks launched by countries, according to Val Smith, founder of Attack Research. New attack trends include blog spam and SQL injections from Russia and China, Smith said during his talk at the Source Boston Security Showcase on Friday.
"Client-side attacks are where the paradigm is going," Smith said. "Monolithic security systems no longer work."
Additional SQL injections failed, so the hackers searched the system for another exploit. They found a library application that allows images to be uploaded. Hackers uploaded a GIF file with a line of code contained in the image. The computer system read the GIF tag and uploaded the photo and automatically executed the code...
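A defender-side check for the upload flaw described above, as an added example that is not part of the original article: it walks the GIF block structure and flags script markers, comment-extension payloads and bytes after the trailer. The marker list, function names and sample files are assumptions constructed for illustration; the article does not say which language the embedded code was written in.

```python
import struct

# Assumed marker list for server-side or browser-side script; tune per platform.
SCRIPT_MARKERS = (b"<?php", b"<%@", b"<script")

def _sub_blocks(data, pos):
    """Walk size-prefixed sub-blocks; return (offset after terminator, payload)."""
    payload = b""
    while (size := data[pos]) != 0:
        if pos + 1 + size > len(data):
            raise IndexError("sub-block runs past end of file")
        payload += data[pos + 1:pos + 1 + size]
        pos += 1 + size
    return pos + 1, payload

def _table_len(packed):
    """Byte length of a colour table described by a packed-flags byte."""
    return 3 * 2 ** ((packed & 7) + 1) if packed & 0x80 else 0

def inspect_gif(data):
    """Return findings for an uploaded file; an empty list means a plain GIF."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        return ["not a GIF header"]
    findings = [f"script marker {m!r}" for m in SCRIPT_MARKERS if m in data.lower()]
    try:
        pos = 13 + _table_len(data[10])          # header + screen descriptor
        while (block := data[pos]) != 0x3B:      # 0x3B is the trailer
            if block == 0x21:                    # extension block
                label = data[pos + 1]
                pos, payload = _sub_blocks(data, pos + 2)
                if label == 0xFE and payload:
                    findings.append("comment extension carries data")
            elif block == 0x2C:                  # image descriptor
                pos += 10 + _table_len(data[pos + 9])
                pos, _ = _sub_blocks(data, pos + 1)   # +1 skips LZW code size
            else:
                raise IndexError("unknown block type")
        if pos + 1 != len(data):
            findings.append("data after trailer")
    except IndexError:
        findings.append("truncated or malformed GIF")
    return findings

# Constructed samples: a 1x1 GIF, then the same file with a harmless placeholder.
CLEAN = (b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + b"\x00" * 3 + b"\xff" * 3
         + b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + b"\x02\x02\x44\x01\x00\x3b")
NOTE = b"<?php /* placeholder */ ?>"
IN_COMMENT = CLEAN[:-1] + b"\x21\xfe" + bytes([len(NOTE)]) + NOTE + b"\x00\x3b"
APPENDED = CLEAN + NOTE
```

A scan like this is a screening step only: re-encoding uploaded images on the server and storing them where nothing is interpreted as code removes the embedded content rather than just detecting it.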
Attackers targeted high-traffic sites with blog spam and posted comments on blogs, he said. The comments looked odd and tended to have non-English phrases placed in large blocks of text with random words hyperlinked, he said. Clicking on such links took users to sites that seemed like blogs but were pages loaded with malware, Smith said.
A Chinese bank owned the domains for each malware site, but the IP (Internet Protocol) addresses traced to Germany. Studying the links revealed that each one contained words in Russian or Romanian, said Smith. By placing an international spin on their nefarious activities, the hackers hoped to confuse anyone investigating their work, he said...
Smith's investigation traced the attacks to a home DSL account in Russia. The international nature of the incident made prosecution unlikely, he said...
Hackers "targeted an app that is custom-written, in-house, and launched a specific attack against that app," Smith said.
Hackers eventually placed "iFrame" HTML code on every page of the company's Web site. The iFrames redirected the victim's browser to a server that infects the computer using a tool called "MPack." This tool profiled a victim's OS and browser and launched attacks based on that information.
The result is that victims are getting hit with multiple attacks, said Smith.
Today, SQL injection attacks are the top threat to Web security, said Ryan Barnett, director of application security at Breach Security, in an interview separate from the conference.
Last year, cybercriminals began unleashing massive Web attacks that have compromised more than 500,000 Web sites, according to the security vendor.
We told you so: