Eric H. Johnson on 5 Oct 2012 14:13:11 -0700


Re: [PLUG] Detecting SQL injection viruses

Huh, it is coming in through the local browser. It is other web sites that have been infected.


Matt Mossholder <> wrote:

Your best bet is always going to be getting rid of the root cause... fix the SQL injection vulnerabilities.

Make sure ALL input is sanitized before you pass it to the DB.

On Oct 5, 2012 4:19 PM, "Eric H. Johnson" <> wrote:

We have been using Malwarebytes to get rid of it, but that is after the
fact. I was hoping for something that would intercept it before the machine
gets infected.

What I recall reading about this is that they work by downloading an
encrypted payload with a random key, which defeats pattern matching. The key
is relatively short, so it has to guess keys until it gets it, at which
point it can then infect the machine.

This isn't anywhere near my area of expertise, so I may well be way off


> I have a client that is having a problem filtering out what I think
> from reading on the Internet are encrypted SQL injection viruses,
> which seems to defeat the pattern matching used by Symantec, McAfee, and
> similar AV tools.

Um... "encrypted SQL injection virus"? What's that? :-)

What it sounds like you're describing is standard malware. Products like
Malwarebytes and Spybot Search and Destroy would be a good start.

Philadelphia Linux Users Group     --
Announcements -
General Discussion  --