Adobe Sites Hit by Malware

Page 2 of 2

"SQL injections are a huge problem, and they need to be addressed at the Web and database layers, and you need to encode the outbound data properly," Barnett said. "Then there's cross site scripting where the bad guys inject JavaScript into a Web site somewhere so it executes when it goes out to client pages."

Together, SQL injections and cross site scripting account for "about 60 percent" of all Web site attacks, Dave Marcus, director of security research and communciations at security vendor McAfee, told InternetNews.com. "They're usually Number One and Number Two," he added.

Adobe is "not alone" in having vulnerable Web sites, and these flawed sites are found quickly because "hackers are using automated tools to scan Google (NASDAQ: GOOG) for pages vulnerable to injection commands," Marcus said. When a page is found, it is automatically infected, he added.

That kind of automated search is possible "because it's a by-product of the fact that it's a Web 2.0 world out there, which means there's lots of cross site scripting and SQL back ends," Marcus said.

He recommends that anyone setting up a public-facing Web site must "look at code and application auditing" because, otherwise, "you'll get owned and your site will be used to distribute malware."

(Page 2 of 2)

Security News Solutions

Comment and Contribute

    (Maximum characters: 1200). You have 1200 characters left.



    Security News| Contact Richard Adhikari | Back to top

    Click the Join button below to sign up to our newsletter!