Virus warning (Asprox) not a urban legend

Anything for the public

Moderator: Admin

Virus warning (Asprox) not a urban legend

Postby Jokey Smurf » Thu Jul 24, 2008 10:13 am

The last couple of days a new virus have spread(actually a old, but not seen in this big scale before) , The Asprox botnet uses a SQL-injection attack tool to hack websites and add yet more hijacked PCs to its army

27-06-2008: Microsoft and HP have issued free tools to help determine whether a site is vulnerable to SQL insertion.

SQL insertion is a attack method that exploit the flaw in the programming of a web server communication with a database. There has been a large amount of automated attacks with SQL insertion of this year.

The tools solve three tasks: Discovery, protection and prevention.

To detect vulnerable sites can use HP's tool HP Scrawlr. It gives the tool a URL, which it considers all the links on the site. They checked as to whether we can deploy SQL commands and thus have direct access to the database.

For protection against attacks with SQL-paste can be used UrlScan if version 3.0 is now out of beta. It limits the types of HTTP requests IIS must deal with.

In order to prevent problems can analyze its ASP code with Microsoft Source Code Analyzer for SQL Injection. It tells whether there are security problems in the program.

The tools available for download from HP and Microsoft
taken from and translated via google.

HP Scrawlr :

UrlScan :

Microsoft Source Code Analyzer for SQL Injection :
User avatar
Jokey Smurf
True Smurf
Posts: 645
Joined: Mon Jun 02, 2008 6:10 pm
Location: Denmark-Copenhagen
Has thanked: 41 times
Been thanked: 6 times

Return to Public Smurf forum

Who is online

Users browsing this forum: No registered users and 2 guests