RealTime IT News

Mesh Injection Attack Claims 30,000 Sites

Mass meshing is a new type of redirection attack that differs from SQL injection in a number of critical ways. The most damaging difference is how users can mitigate the risks of a SQL injection versus the difficulties of defending against a Mass Meshing attack.

"The mass mesh victim sites are injected with JavaScript, but not to a small set of malicious redirectors, they are injected with malicious JavaScript that point to each other in a mesh," Wayne Huang, CTO at Armorize told InternetNews.com. "So the infected websites themselves are re-directors."

The mass mesh approach is in contrast with a traditional SQL injection attack where the site is injected with a malicious script that includes a redirector to a harmful domain. Those harmful domains can then just be blacklisted as a means of defense. With mass meshing, since the meshed sites are legitimate and always changing, it's significantly more difficult to simply block URLs.

Read the full story at eSecurityPlanet:
New Injection Attack: 30,000 Websites?