SQL injection attacks dominate first half of ‘08, and cross-site scripting (XSS) doesn't even make the list

JULY 17, 2008 | The multiple waves of mass SQL injection attacks this year on Websites -- including many high-profile legitimate ones like Wal-Mart, Business Week, and Ralph Lauren Home -- helped boost Web-borne malware volumes by 278 percent in the first half of this year, according to a new report from ScanSafe.

More than half of the malware detected by the Web security-as-a-service provider came from legit Websites rather than from notoriously scary or sketchy ones. And many of these Web attacks are silent and so tough to detect that many site operators have no clue their sites are lethal, and users often get infected without ever knowing it, according to the report.

Posted by Sean Cannon in Virus & AntiVirus News at 11:42

If you visited www.SFgov.org over the last couple of weeks, better check your computer for infections.

A security vendor, Finjan, reported Wednesday that the city's Web site was one of over 1,000 sites treating visitors to malicious code.

Other sites caught up in this latest round of Web attacks include uci.edu (the University of California at Irvine's site); Snapple.com; a site registered to the Marysville, California's police department; an ad network--atdmt.com--acquired by Microsoft; and several international sites.

Posted by Sean Cannon in Virus & AntiVirus News at 10:40

G DATA (Germany), – The malware industry has shifted up a gear and, since the beginning of the year, has swamped the Internet with a malware flood of truly biblical proportions. On a daily basis some 1,500 new malware agents are unleashed against Windows users. In the first six months of the current year alone, G DATA Security Labs has recorded more than 318,000 new malware creations - more malicious code than in the whole of 2007, which was itself a record. If the growth rate remains the same, this would mean an increase of more than 400 percent by the end of 2008. By contrast, an all-clear for the owners of smartphones. The forecast danger for these devices has been shown to be a pure marketing ploy. Within the same period, only 20 new viruses surfaced. Online criminals do not currently regard smartphones as lucrative sources of income.


In 2008, the worldwide networking of online criminals finally bore its threatening fruit. In the G DATA 2008 semi-annual malware report, the Bochum IT security specialists give an insight into the current dangers for PC users.

Posted by Sean Cannon in Virus & AntiVirus News at 10:53

An screen name once connected to animated TV dad Homer Simpson is being used to spread malware.

In a 2003 episode of The Simpsons, writers revealed that Homer's e-mail address was chunkylover53@aol.com. Prior to the episode's airing, the address was registered by one of the show's writers, who used it to answer hundreds of e-mails from Simpsons fans.

Posted by Greg Hewitt-Long in Virus & AntiVirus News at 12:01