Adobe Sites Hit by Malware

Security firm finds two sites were compromised by an SQL injection.

Just weeks after a BusinessWeek Web site was hit by an SQL injection attack comes news that two of Adobe's Web sites were compromised the same way.

"I can confirm that the Adobe sites were affected," Richard Wang, manager of the US offices of security vendor Sophos Laboratories, told InternetNews.com. Sophos discovered the compromised sites.

Adobe did not respond to requests for comment by press time. Wang said that after Sophos contacted Adobe, the software company said the issues at both of its Web sites had been cleaned up. Sophos confirmed that statement in a follow-up check that found the sites "clean" and no longer at risk.

Security experts told InternetNews.com that the increasing use of Web 2.0 capabilities is making such attacks commonplace, and that hackers are tweaking their tools to better hone their attacks.

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. That vulnerability occurs when user input is either incorrectly filtered or not strongly typed, meaning that there are weak or no restrictions on how operations with values having different data types can be mixed.
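
The difference between unfiltered, untyped input and a typed, bound parameter, shown as an added example that is not part of the original article or any code from Adobe or Sophos. It uses Python's built-in sqlite3 module as a stand-in for a site's database layer; the table, rows and function names are hypothetical.

```python
import sqlite3


def make_db():
    # Constructed sample data: an in-memory table standing in for a
    # support site's tips, one of which is not meant to be public.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tips (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany(
        "INSERT INTO tips VALUES (?, ?, ?)",
        [(1, "Lighting basics", 1), (2, "Draft: pricing", 0), (3, "Audio tips", 1)],
    )
    return db


def get_tip_concatenated(db, tip_id):
    # Weak pattern: the request value is pasted into the SQL text, so the
    # database parses it as part of the statement rather than as a value.
    sql = "SELECT title FROM tips WHERE published = 1 AND id = " + tip_id
    return sorted(row[0] for row in db.execute(sql))


def get_tip_parameterized(db, tip_id):
    # Hardened pattern, step 1: enforce the expected type (an integer id)
    # and reject anything else before a query is built.
    try:
        tip_id = int(tip_id)
    except (TypeError, ValueError):
        return []
    # Step 2: bind the value through a placeholder so it can never change
    # the structure of the statement.
    sql = "SELECT title FROM tips WHERE published = 1 AND id = ?"
    return sorted(row[0] for row in db.execute(sql, (tip_id,)))


def compare(tip_id):
    # Run the same request value through both query styles.
    db = make_db()
    return get_tip_concatenated(db, tip_id), get_tip_parameterized(db, tip_id)


if __name__ == "__main__":
    for value in ("1", "2", "2 OR 1=1"):
        weak, hardened = compare(value)
        print(repr(value), "concatenated:", weak, "parameterized:", hardened)
```

For an ordinary id both functions agree; for the value with trailing SQL text, the concatenated query returns every row, including the unpublished one, while the typed and bound version returns nothing.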

One of the Adobe (NASDAQ: ADBE) Web sites infected was its Vlog It support section, an area providing tips for video bloggers. Sophos today notified users about this.

The other infected Adobe site Sophos discovered is Serious Magic. Adobe acquired Serious Magic, which produces high-quality video and communication software, in October 2006.

The shadow of Asprox

The Vlog It site was affected by malware known as Mal/Badsrc-C. It was delivered by a botnet known as Asprox, which was also used in the attack on Adobe's Serious Magic site.

Botnets are networks of hijacked computers used to send malware. American authorities take the issue of botnet creation seriously, and a federal grand jury recently charged Brazilian Leni de Abreu Neto for his alleged involvement in a botnet ring.

Security vendors have been watching the Asprox botnet closely because "we've seen the Asprox botnet changing," Ryan Barnett, director of application security at Web security vendor Breach Security, told InternetNews.com. "When it came out, it targeted Microsoft-based Websites, with asp or asp.net on the front and Microsoft SQL Server on the back end."

Now, "it doesn't really matter what the front end Web technology is -- PHP, Java, as long as you have a Microsoft (NASDAQ: MSFT) back end database with user permissions that are too wide and SQL query constructions that are not set up properly, you can get infected," Barnett said.

Attacks on Microsoft-based Web sites running ASP or ASP.NET were so common at one time that Microsoft issued an advisory on this in June. The problem, Microsoft said in the advisory, was with sites that "do not follow secure coding practices for accessing and manipulating data stored in a relational database."
