Adobe Sites Hit by Malware

Page 2 of 2

"SQL injections are a huge problem, and they need to be addressed at the Web and database layers, and you need to encode the outbound data properly," Barnett said. "Then there's cross site scripting where the bad guys inject JavaScript into a Web site somewhere so it executes when it goes out to client pages."

Together, SQL injections and cross site scripting account for "about 60 percent" of all Web site attacks, Dave Marcus, director of security research and communciations at security vendor McAfee, told InternetNews.com. "They're usually Number One and Number Two," he added.

Adobe is "not alone" in having vulnerable Web sites, and these flawed sites are found quickly because "hackers are using automated tools to scan Google (NASDAQ: GOOG) for pages vulnerable to injection commands," Marcus said. When a page is found, it is automatically infected, he added.

That kind of automated search is possible "because it's a by-product of the fact that it's a Web 2.0 world out there, which means there's lots of cross site scripting and SQL back ends," Marcus said.

He recommends that anyone setting up a public-facing Web site must "look at code and application auditing" because, otherwise, "you'll get owned and your site will be used to distribute malware."

(Page 2 of 2)

Security News Solutions

Comment and Contribute

    (Maximum characters: 1200). You have 1200 characters left.



    Security News| Contact Richard Adhikari | Back to top

    Click the Join button below to sign up to our newsletter!

    By submitting your information, you agree that itchannelplanet.com may send you ITchannelplanet offers via email, phone and text message, as well as email offers about other products and services that ITchannelplanet believes may be of interest to you. ITchannelplanet will process your information in accordance with the Quinstreet Privacy Policy.