Your online data under threat!!!!

By: Amit Bhardwaj on May 6th, 2008


A mass SQL injection attack has infected hundreds of thousands — as many as 500,000, according to some accounts — of normally trusted Web sites, including those of the United Nations and several governments. The attack, which mimics other recent malware attacks, was launched with the apparent goal of stealing visitors’ user information.

    While there is nothing new about that, there are some differences in this attack that are worrying the Internet security community.

The attack takes advantage of a badly developed site that lets the exploit supply parts of the SQL statements the site runs. It then injects malicious code into every text field in the database. It is a very sophisticated exploit.

The script or tool behind the attack uses Google to search for sites that include a file type and parameter that appear to be susceptible to SQL injection, and then uses the list returned by Google to mount its attack.

The main reason for this security loophole may be the web developers. As Web developers are trying to make their Web sites more and more interactive, and [are] servicing more and more business needs, they are taking shortcuts — not following the best practices.

The attack works because most organizations have not yet implemented real-time database activity monitoring (DAM) technology for immediately detecting and blocking anomalous database activity.
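Because the attack writes its code into every text field, a site owner can audit the database for it. The following is an added example, not part of the original article: it walks every text column and flags values containing a script tag that loads from an external URL. SQLite, the table names, the `injected.example` URL and the assumption that the injected code is a `<script src=...>` tag are all constructed for illustration.

```python
import re
import sqlite3

# Assumption: the injected code is a <script> tag loading from an external URL.
SCRIPT_TAG = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']?https?://", re.IGNORECASE)

def quote_ident(name):
    """Quote an SQLite identifier so odd table/column names are safe to embed."""
    return '"' + name.replace('"', '""') + '"'

def text_columns(conn):
    """Yield (table, column) for every column with a text-like declared type."""
    tables = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'"
    ).fetchall()
    for (table,) in tables:
        for _cid, col, ctype, *_ in conn.execute(f"PRAGMA table_info({quote_ident(table)})"):
            if any(t in (ctype or "").upper() for t in ("CHAR", "TEXT", "CLOB")):
                yield table, col

def find_injected_scripts(conn):
    """Return sorted (table, column, rowid) for values holding an external script tag."""
    hits = []
    for table, col in text_columns(conn):
        query = f"SELECT rowid, {quote_ident(col)} FROM {quote_ident(table)}"
        for rowid, value in conn.execute(query):
            if isinstance(value, str) and SCRIPT_TAG.search(value):
                hits.append((table, col, rowid))
    return sorted(hits)

def build_sample_db():
    """Constructed sample data: two tables, some rows with an appended script tag."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT, views INTEGER);
        CREATE TABLE users (id INTEGER PRIMARY KEY, display_name VARCHAR(64));
    """)
    tag = '<script src="http://injected.example/x.js"></script>'  # constructed placeholder
    conn.executemany("INSERT INTO articles (title, body, views) VALUES (?, ?, ?)", [
        ("Welcome", "Plain text body", 10),
        ("News" + tag, "Quarterly update" + tag, 3),
        ("Tutorial", "Use <script> tags sparingly in templates", 7),
    ])
    conn.executemany("INSERT INTO users (display_name) VALUES (?)", [("alice",), ("bob" + tag,)])
    return conn

if __name__ == "__main__":
    for hit in find_injected_scripts(build_sample_db()):
        print("suspicious value in table=%s column=%s rowid=%d" % hit)
```

A hit in columns that should never hold markup, repeated across unrelated tables, is the pattern to look for; legitimate mentions of `<script>` without an external source are not flagged.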
