Re: [PLUG] Detecting SQL injection viruses

Michael Lazin on 5 Oct 2012 14:30:45 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Detecting SQL injection viruses

From: Michael Lazin <microlaser@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Detecting SQL injection viruses
Date: Fri, 5 Oct 2012 17:30:40 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=X8G9Nz41YIFnakeXdQ6QdxnPjxjpVy7RyQX3KRAwCcU=; b=YxkOJ5fnvXoHPswLniMK3iH05Z7GJ1B2Qath+AL07dS3b3/0SwKoJGTlSzPxjQnVC3 4GMpSchcT+zrGQKMcUZUxx4RDTQokuIjKOllZv1dTMUdJGsqMkgmsw8iszYjCXQUxRT2 tb+K9MwtW5i0Foa3wbsljQATZcOAq0dfvTeuxFmchdhtOKqwIFKxyVDt1PC1umIjXbrE tR3SfykL0mSc6dfFlqibXjIJ+LGxjGVnOt9bCyP1F6YVG8qxjzILVbsqiuhN1tPCL4rR /tMrOlG7RHBEczoppS1HjrwgYAdB2ppP4cv7mBk3PnvYsNW2Tpz6ufYm9Yqf/PdFbixd zmzw==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: plug-bounces@lists.phillylinux.org

I think what you want is the noscript extension for firefox
On Oct 5, 2012 5:13 PM, "Eric H. Johnson" <ejohnson@camalytics.com> wrote:
>
> Huh, It is coming in through the local browser. It is other web sites that have been infected.
>
> Regards,
> Eric
>
>
>
> Matt Mossholder <matt@mossholder.com> wrote:
>
> Your best bet is always going to be getting rid of the root cause... fix the SQL injection vulnerabilities.
>
> Make sure ALL input is sanitized before you pass it to the DB.
>
> On Oct 5, 2012 4:19 PM, "Eric H. Johnson" <ejohnson@camalytics.com> wrote:
>>
>> Doug,
>>
>> We have been using Malwarebytes to get rid of it, but that is after the
>> fact. I was hoping for something that would intercept it before the machine
>> gets infected.
>>
>> What I recall reading about this is that they work by downloading an
>> encrypted payload with a random key, which defeats pattern matching. The key
>> is relatively short, so it has to guess keys until it gets it, at which
>> point it can then infect the machine.
>>
>> This isn't anywhere near my area of expertise, so I may well be way off
>> base.
>>
>> Regards,
>> Eric
>>
>>
>> > I have a client that is having a problem filtering out what I think
>> > from reading on the Internet are encrypted SQL injection viruses,
>> > which seems to defeat the pattern matching used by Symantec, McAfee, and
>> similar AV tools.
>> >
>>
>> Um... "encrypted SQL injection virus"? What's that? :-)
>>
>> What it sounds like you're describing is standard malware. Products like
>> Malware Bytes and Spotbot Search and Destory would be a good start.
>>
>>
>> ___________________________________________________________________________
>> Philadelphia Linux Users Group -- http://www.phillylinux.org
>> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
>> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
>
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
>

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Detecting SQL injection viruses
  - From: Sam Gleske <sam.mxracer@gmail.com>

References:
- Re: [PLUG] Detecting SQL injection viruses
  - From: "Eric H. Johnson" <ejohnson@camalytics.com>

Prev by Date: Re: [PLUG] Detecting SQL injection viruses
Next by Date: [PLUG] Speakers for North and West this month?
Previous by thread: Re: [PLUG] Detecting SQL injection viruses
Next by thread: Re: [PLUG] Detecting SQL injection viruses
Index(es):
- Date
- Thread