Michael Lazin on 5 Oct 2012 14:30:45 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Detecting SQL injection viruses


I think what you want is the noscript extension for firefox
On Oct 5, 2012 5:13 PM, "Eric H. Johnson" <ejohnson@camalytics.com> wrote:
>
> Huh, It is coming in through the local browser. It is other web sites that have been infected.
>
> Regards,
> Eric
>
>
>
> Matt Mossholder <matt@mossholder.com> wrote:
>
> Your best bet is always going to be getting rid of the root cause... fix the SQL injection vulnerabilities.
>
> Make sure ALL input is sanitized before you pass it to the DB.
>
> On Oct 5, 2012 4:19 PM, "Eric H. Johnson" <ejohnson@camalytics.com> wrote:
>>
>> Doug,
>>
>> We have been using Malwarebytes to get rid of it, but that is after the
>> fact. I was hoping for something that would intercept it before the machine
>> gets infected.
>>
>> What I recall reading about this is that they work by downloading an
>> encrypted payload with a random key, which defeats pattern matching. The key
>> is relatively short, so it has to guess keys until it gets it, at which
>> point it can then infect the machine.
>>
>> This isn't anywhere near my area of expertise, so I may well be way off
>> base.
>>
>> Regards,
>> Eric
>>
>>
>> > I have a client that is having a problem filtering out what I think
>> > from reading on the Internet are encrypted SQL injection viruses,
>> > which seems to defeat the pattern matching used by Symantec, McAfee, and
>> similar AV tools.
>> >
>>
>> Um... "encrypted SQL injection virus"?  What's that? :-)
>>
>> What it sounds like you're describing is standard malware.  Products like
>> Malware Bytes and Spotbot Search and Destory would be a good start.
>>
>>
>> ___________________________________________________________________________
>> Philadelphia Linux Users Group         --        http://www.phillylinux.org
>> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
>> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
>
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
>

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug