Mass SQL Injection for Malware Distribution

Published: 20 Apr, 2011
Created by: Larry Wichman

SQL injection attacks are typically used to steal credit card numbers or other valuable data, or as a pivot point from the internet to the internal network. We are now beginning to see SQL injection used as a way to distribute malware, making vulnerable web applications a platform for hackers to launch attacks against the client side. The goal of the hackers is to infect as many computers as possible, adding them to the millions of infected bots already under their control. This paper will discuss the role vulnerable web applications play in these attacks, including how they are targeted and exploited. The attacks have varied since first being discovered in 2007, with the client-side exploitation code changing to keep up with the latest vulnerabilities and the start of targeted attacks against ColdFusion web applications. There has been no shortage of vulnerable applications in each instance. This paper will discuss lessons learned from these attacks and what can be done to prevent future occurrences.