Saturday, April 02, 2011

LizaMoon mass injection attack

I realize the title of this blog entry has little meaning to most people, and that is more troubling than the actual attack. It's a direct indicator of the current state of the internet (I have stopped capitalizing a mundane, everyday thing like "internet"), and anyone who spends time online should be interested. I realize that's akin to saying drivers should take an interest in what's under the hood. Nevertheless...

LizaMoon is another step in a 12-year-old (15?) shift from teenage exploration to mass criminality, and it affects everyone on the web, and even the Luddite offliners. In this attack, people are being diverted from their intended destination to a website, or numerous ones, where fake antivirus software is installed. This, of course, is just a malware scam to get the masses to pay up to make the fake virus go away.

SQL injection is an interesting little attack. It's a way to get data that are really SQL database commands from a form field into the backend SQL installation. Microsoft's description:

    SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.
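
The mechanism described above, as an added example that is not part of the original post: a form value concatenated into a query, beside the same lookup using a bound parameter. Python's sqlite3 module stands in for the backend SQL installation, and the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER, title TEXT, published INTEGER)")
    db.executemany(
        "INSERT INTO articles VALUES (?, ?, ?)",
        [(1, "Welcome", 1), (2, "Draft: pricing", 0),
         (3, "Contact", 1), (4, "Editor's picks", 1)],
    )
    return db

def search_concatenated(db, title):
    """Vulnerable: the form value is pasted into the SQL text, so the
    database parses any quote characters in it as part of the statement."""
    sql = ("SELECT id, title FROM articles "
           "WHERE published = 1 AND title = '" + title + "'")
    return db.execute(sql).fetchall()

def search_parameterized(db, title):
    """Hardened: the statement text is fixed; the form value is sent
    separately as a bound parameter and is only ever compared as data."""
    sql = "SELECT id, title FROM articles WHERE published = 1 AND title = ?"
    return db.execute(sql, (title,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Constructed form-field values: one ordinary, one with a legitimate
    # apostrophe, one that carries SQL syntax instead of a title.
    for value in ("Welcome", "Editor's picks", "x' OR '1'='1"):
        print("input:", repr(value))
        try:
            print("  concatenated :", search_concatenated(db, value))
        except sqlite3.OperationalError as exc:
            # A harmless apostrophe already breaks the concatenated query.
            print("  concatenated : query failed:", exc)
        print("  parameterized:", search_parameterized(db, value))
```

The third input makes the concatenated query return every row, including the unpublished draft, while the parameterized query returns nothing because no article has that title.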

Read the book Kingpin by Kevin Poulsen to get a good description of this attack, and also to get up to speed on the current state of affairs in online organized crime. The infamous Iceman used an injection attack against his criminal competitors. It's always fun to read about a criminal who goes after other criminals.

Incidentally, Kingpin's author is one of the more interesting hackers of the 1980s and 1990s -- turned writer. Perhaps it takes a gifted, audacious hacker to get access to and write about others of the same ilk.

Anyone who is interested in Kingpin, or has already read the book, should also try The Watchman, by Jonathan Littman. This is the book about Kevin Poulsen's exploits. It's thoroughly entertaining. Poulsen and other hackers have attacked the veracity of the book, but Littman is known for thoroughness, and since Poulsen has yet to publish his version of events, his voice is not loud enough to hear.

The LizaMoon story at Computerworld is here.

Since I'm on the theme of cybercrime books, here are the best ones, in my view:

The Watchman (about Kevin Poulsen, Ron Austin, and Justin Petersen)
Kingpin (Max Butler, a.k.a. Iceman)
Fatal System Error (numerous, including Russians)
The Fugitive Game (Kevin Mitnick and Lewis De Payne)
Takedown (Kevin Mitnick)
@LARGE (Tim Bach a.k.a. Matt Singer, Phantomd, and Infomaster)
The Cuckoo's Egg (Pengo, the German spy-hacker)
Cyberpunk (Kevin Mitnick, Robert Tappan Morris, and Pengo)
Masters of Deception, the gang that ruled cyberspace (Acid Phreak, Phiber Optik and crew)
The Hacker Crackdown (various; also, this is free and legal online here)
