SQL Injection Technique is Hacker's Best Friend, Says Security Firm

While some are still evaluating the threat posed by the SQL injection technique, security firm Sophos has released a security threat report underlining that this technique is currently the favourite method used by hackers to infect computers.

The document showed that for the first six months of 2008, there were over 11 million samples of malware in the wild, with one being detected every five seconds, and that 90 percent of websites caught spewing trojans were actually legitimate business websites, most of them infected through SQL injection.

Asprox uses the same technique to infect thousands of UK websites, and although it is quite an old malware toolkit, many websites have been caught ill-prepared and turned into distributors of trojans and keyloggers.

Graham Cluley, senior technology consultant at Sophos, warned firms that they should monitor their computers, networks and websites more carefully.

Hackers and cyber-criminals have apparently given up on spreading malware via email, mainly because anti-spam technology is now mature enough to fend off most attacks; they are instead turning to other vectors like websites and IM.

The report also pointed out that Google's own blog publishing venture, Blogspot, accounts for two percent of the world's web-based malware in 2008.