Mass meshing is a new type of redirection attack that differs from SQL injection in a number of critical ways. The most damaging difference is how users can mitigate the risks of a SQL injection versus the difficulties of defending against a Mass Meshing attack.
“The mass mesh victim sites are injected with JavaScript, but not to a small set of malicious redirectors, they are injected with malicious JavaScript that point to each other in a mesh,” Wayne Huang, CTO at Armorize told InternetNews.com. “So the infected websites themselves are re-directors.”
The mass mesh approach is in contrast with a traditional SQL injection attack where the site is injected with a malicious script that includes a redirector to a harmful domain. Those harmful domains can then just be blacklisted as a means of defense. With mass meshing, since the meshed sites are legitimate and always changing, it’s significantly more difficult to simply block URLs.