March 18, 2010

Adobe Sites Hit by Malware

Just weeks after a BusinessWeek Web site was hit by an SQL injection attack comes news that Adobe has had to deal with two of its Web sites being compromised the same way.

"I can confirm that the Adobe sites were affected," Richard Wang, manager of the US offices of security vendor Sophos Laboratories, told InternetNews.com. Sophos discovered the compromised sites.

Adobe did not respond to requests for comment by press time. Wang said that after Sophos contacted Adobe, the software company said issues at both of its Web sites had been cleaned up, a statement Sophos confirmed in a follow-up check that found them "clean" and no longer at risk.

Security experts told InternetNews.com that the increasing use of Web 2.0 capabilities (http://www.internetnews.com/ec-news/article.php/3750786/Growing+Pains+for+Web+20.htm) is making such attacks commonplace, and that hackers are tweaking their tools to better hone their attacks.

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. That vulnerability occurs when user input is either incorrectly filtered or not strongly typed, meaning that there are weak or no restrictions on how operations with values having different data types can be mixed.
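
The weakness defined above, as an added example that is not part of the original article: a lookup that pastes an untyped request parameter into its SQL text, beside a version that type-checks the value and binds it as a parameter. The `tips` table, the function names and the sample input are constructed for illustration, and SQLite stands in here for the site's back-end database.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for a support site's content store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tips (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany(
        "INSERT INTO tips VALUES (?, ?, ?)",
        [(1, "Lighting basics", 1), (2, "Audio levels", 1), (3, "Unreleased draft", 0)],
    )
    return db

def lookup_vulnerable(db, raw_id):
    # Weak form: the request text becomes part of the SQL statement itself,
    # so the database parses it as syntax rather than treating it as a value.
    sql = "SELECT title FROM tips WHERE published = 1 AND id = " + raw_id + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def lookup_hardened(db, raw_id):
    # Strong typing: an id is ASCII digits and nothing else; reject the rest.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be an integer")
    # Parameter binding: the statement text is fixed and the value travels
    # separately, so it can never change the shape of the query.
    sql = "SELECT title FROM tips WHERE published = 1 AND id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (int(raw_id),))]

if __name__ == "__main__":
    db = make_db()
    crafted = "3 OR 1=1"  # constructed input: text where a number was expected
    print("vulnerable, id=2      :", lookup_vulnerable(db, "2"))
    print("vulnerable, crafted id:", lookup_vulnerable(db, crafted))
    print("hardened,   id=2      :", lookup_hardened(db, "2"))
    try:
        lookup_hardened(db, crafted)
    except ValueError as exc:
        print("hardened,   crafted id: rejected,", exc)
```

In the weak form the crafted value turns the `published = 1` filter into a condition that is always true, so the unpublished row is returned as well.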

One of the Adobe (NASDAQ: ADBE) Web sites infected was its Vlog It support section, an area providing tips for video bloggers. Sophos today notified users about this.

The other infected Adobe site Sophos discovered is Serious Magic. Adobe acquired Serious Magic, which produces high-quality video and communication software, in October 2006.

The shadow of Asprox

The Vlog It site was affected by malware known as Mal/Badsrc-C. It was delivered by a botnet known as Asprox, which was also used in the attack on Adobe's Serious Magic site.

Botnets are networks of hijacked computers used to send malware. American authorities take the issue of botnet creation seriously, and a federal grand jury recently charged Brazilian Leni de Abreu Neto for his alleged involvement in a botnet ring.

Security vendors have been watching the Asprox botnet closely because "we've seen the Asprox botnet changing," Ryan Barnett, director of application security at Web security vendor Breach Security, told InternetNews.com. "When it came out, it targeted Microsoft-based Websites, with asp or asp.net on the front and Microsoft SQL Server on the back end."

Now, "it doesn't really matter what the front end Web technology is -- PHP, Java, as long as you have a Microsoft (NASDAQ: MSFT) back end database with user permissions that are too wide and SQL query constructions that are not set up properly, you can get infected," Barnett said.

This article was first published on InternetNews.com.
