SQL injection infects more high profile websites

San Jose, Calif.-based Finjan Software Inc. has documented more than 1,000 unique websites falling victim to SQL injection attacks in the first two weeks of July.

Ayelet Heyman, a Finjan security researcher said the list of sites include a large number of government and top businesses. Some of the sites compromised include San Francisco’s official website, the City of Marysville Police Department, the Department of Culture and Tourism of the State of Bahia, Brazil, the National Health Service website in the UK, and Snapple Beverage Corp. The list goes on and on. In addition, Finjan found some advertisement networks directing people to compromised sites.

Heyman said the attack is being carried out by users of the Asprox toolkit. Clearly it’s getting easier and easier for non-techies to pull off a successful attack. All they have to do is buy a toolkit to begin spreading malware. The toolkit injects JavaScript code, which ultimately infects website visitors with a Trojan.