Matt Mossholder on 5 Oct 2012 13:52:49 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Detecting SQL injection viruses


Your best bet is always going to be getting rid of the root cause... fix the SQL injection vulnerabilities.

Make sure ALL input is sanitized before you pass it to the DB.

On Oct 5, 2012 4:19 PM, "Eric H. Johnson" <ejohnson@camalytics.com> wrote:
Doug,

We have been using Malwarebytes to get rid of it, but that is after the
fact. I was hoping for something that would intercept it before the machine
gets infected.

What I recall reading about this is that they work by downloading an
encrypted payload with a random key, which defeats pattern matching. The key
is relatively short, so it has to guess keys until it gets it, at which
point it can then infect the machine.

This isn't anywhere near my area of expertise, so I may well be way off
base.

Regards,
Eric


> I have a client that is having a problem filtering out what I think
> from reading on the Internet are encrypted SQL injection viruses,
> which seems to defeat the pattern matching used by Symantec, McAfee, and
similar AV tools.
>

Um... "encrypted SQL injection virus"? ÂWhat's that? :-)

What it sounds like you're describing is standard malware. ÂProducts like
Malware Bytes and Spotbot Search and Destory would be a good start.


___________________________________________________________________________
Philadelphia Linux Users Group     --    Âhttp://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion Â-- Â http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug