Over a million web sites affected in mass SQL injection attack

Summary:Security researchers from Armorize have intercepted a mass SQL injection attack, targeting ASP ASP.NET websites.

Security researchers from Armorize have intercepted a mass SQL injection attack, targeting ASP ASP.NET websites.

The mass infection, redirects users to a web malware exploitation kit, attempting to exploit vulnerabilities in Adobe PDF or Adobe Flash or Java, with the dropped malware having a low detection rate.

Mass SQL injection attacks usually take place through active search engines reconnaissance (SQL Injection Through Search Engines Reconnaissance; Massive SQL Injections Through Search Engine's Reconnaissance - Part Two; Massive SQL Injection Attacks - the Chinese Way) followed by automatic exploitation of the vulnerable sites.

Of the two SQL injected domains nbnjkl.com and jjghui.com, only nbnjkl.com is currently active and responding. The campaign is directly related to the Lizamoon mass SQL injection attacks, as the same email that's been used to register Lizamoon domains is currently used to register nbnjkl.com and jjghui.com.

Users are advised to take advantage of NoScript in order to protect themselves from this, and many other Web based threats.

Topics: Browser, Security, Software Development

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.