
ASP.Net websites Mass SQL Injection
A new mass SQL injection campaign that attacks ASP/ASP.NET-based websites and spreads malware has been reported, and it has already compromised around 1.1 million websites just this month of April.

The campaign was first reported by Sucuri Security. The hacker, using the nikjju.com domain, conducts a massive SQL injection campaign against the targeted ASP.NET-based sites and, when successful, adds JavaScript code to the compromised web pages.

When an infected web page is visited, it triggers the JavaScript code and the malware, which redirect users to spammer websites offering fake or rogue antivirus software. The campaign is said to be targeting mostly Windows users running Microsoft IIS web servers and ASP websites. Apparently, Google has tagged the infected websites in its search results as unfit to be visited, with the message “This site may harm your computer”.

Sucuri identifies the malware as MW:JS:150. The encoded JavaScript, once decoded, reveals multiple directories that mimic search engines and other websites, such as Google, Mercadolibre and others, to try to confuse the user.

Moreover, it not only redirects users to spammer websites but also infects the user's computer with malware that steals any stored passwords from the FTP client and uses them to attack the sites. It is advised to use an antivirus for your PC if you have none. Nod32 was able to detect the malware right away and blocked me from visiting the infected websites as well as the Google search engine result. I did not test it with other antivirus software.

The WHOIS information for the rogue website nikjju.com revealed that it was registered in China on April 1, 2012, using BizCn.com as the registrar. Just 18 days after the domain was registered, it had already infected 180,000 URLs.

My further search revealed that the Chinese hacker is not using only one domain to compromise the websites but has registered four more with the same registrar to spread the infection. The other domains being used by the hacker are fgthyj.com, hjfghj.com, hgbyju.com, and hnjhkm.com, which use the same JavaScript call. As of this writing, Google still shows around 1,130,000 results for websites that are still infected.

According to Sucuri, this mass SQL injection is similar to the LizaMoon mass SQL injection, which uses ur.php to hide the malware, and as of this time there are still sites being infected.

To find out if your site is compromised, you can run a test using Sucuri SiteCheck.
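For a local check of rendered pages or exported database text, the following is an added example (not from Sucuri or the original post) that flags `<script>` tags whose source host is one of the five domains named above. The sample HTML and the `PLACEHOLDER.js` path are constructed for illustration; the helper names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains the article names as serving the injected JavaScript call.
CAMPAIGN_DOMAINS = {"nikjju.com", "fgthyj.com", "hjfghj.com", "hgbyju.com", "hnjhkm.com"}

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.sources += [v.strip() for k, v in attrs if k == "src" and v]

def campaign_host(src):
    """Return the campaign domain a script URL points at, or None."""
    try:
        host = (urlsplit(src).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None
    for domain in CAMPAIGN_DOMAINS:
        # Match on the host only, so paths or query strings that merely
        # contain a domain name do not raise false alarms.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def scan_html(html):
    """Return (domain, src) pairs for every script loaded from a campaign domain."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    hits = []
    for src in collector.sources:
        domain = campaign_host(src)
        if domain:
            hits.append((domain, src))
    return hits

# Constructed sample pages; PLACEHOLDER.js is not the campaign's real path.
INFECTED = ('<div class="item">Blue widget'
            '<script src="http://nikjju.com/PLACEHOLDER.js"></script></div>'
            '<script src="//WWW.HGBYJU.com/PLACEHOLDER.js"></script>')
CLEAN = ('<script src="/js/nikjju.com.js"></script>'
         '<script src="https://example.org/lib.js?ref=hnjhkm.com"></script>')

if __name__ == "__main__":
    for label, page in (("infected", INFECTED), ("clean", CLEAN)):
        print(label, scan_html(page))
```

Because the injection lands in database fields, run the same check over text columns exported from the database as well as over the pages the site serves.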

via Sucuri Research Blog. Image via ActiveResponse.org

Ernan Baldomero is the editor and owner of BlogHam.com and presently blogs about the blue moon. He’s a coffee and internet addict all-in-one. Connect with Ernan on Twitter, StumbleUpon, Facebook and Google+.