Computer security researchers came up with an idea why internet isn’t a safe place. The conclusion is amazingly simple but it doesn’t bring any good news for now: millions of websites can be infected with the same single trick, but fixing each vulnerable website requires unique and complex solution. That’s why patching a single web page takes more time than infecting thousands of websites.
Enormous numbers of websites can be turned into malware distributors using SQL injection vulnerability. This type of hijack tricks system by inserting malicious code into regular text fields (such as name, email, etc.) in order to gain access to website’s server. This vulnerability doesn’t depend of software; it’s different for each website because each website is different in one way or another. That’s why software vendors can’t make a unique patch to cure the problem. According to security experts, it takes approximately 4 months to fix SQL injection bug on a single website. Besides, catching sight of SQL injection attack and vulnerability itself is complicated. Other ways to infect a website and get an advantage of it can also be used for massive attack when a single trick disturbs a work of plenty of websites.