Over a million web sites affected in mass SQL injection attack

Security researchers from Armorize have intercepted a mass SQL injection attack targeting ASP and ASP.NET websites.

The mass infection redirects users to a web malware exploitation kit that attempts to exploit vulnerabilities in Adobe PDF, Adobe Flash, or Java; the dropped malware has a low detection rate.

Mass SQL injection attacks usually take place through active search engine reconnaissance (SQL Injection Through Search Engines Reconnaissance; Massive SQL Injections Through Search Engine's Reconnaissance - Part Two; Massive SQL Injection Attacks - the Chinese Way), followed by automatic exploitation of the vulnerable sites.

Of the two SQL injected domains nbnjkl.com and jjghui.com, only nbnjkl.com is currently active and responding. The campaign is directly related to the Lizamoon mass SQL injection attacks, as the same email that's been used to register Lizamoon domains is currently used to register nbnjkl.com and jjghui.com.
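
For site owners checking their own pages for this campaign's content, here is an added example (not from the original article or from Armorize) that scans HTML for script or iframe tags loading from the two domains named above. It assumes the injected markup takes that form; the sample page, its paths, and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in the article as injected by this campaign.
CAMPAIGN_DOMAINS = ("nbnjkl.com", "jjghui.com")
# Assumption: the injected markup is a remote script or iframe reference.
URL_ATTRS = {("script", "src"), ("iframe", "src")}
# Constructed sample page; the .js paths and the cdn. subdomain are made up.
SAMPLE_PAGE = """<html><body>
<td>Widget<script src=http://JJGHUI.com/x.js></script></td>
<script src="/js/site.js"></script>
<script src="//cdn.nbnjkl.com/x.js"></script>
<p>Advisory mentions nbnjkl.com in plain text</p>
<script src="http://notnbnjkl.com/x.js"></script>
</body></html>"""

def host_of(url):
    """Lowercase hostname of an absolute or protocol-relative URL, else None."""
    url = url.strip()
    if url.startswith("//"):
        url = "http:" + url
    try:
        host = urlsplit(url).hostname if "://" in url else None
    except ValueError:
        host = None
    return host.lower().rstrip(".") if host else None

def is_campaign_host(host):
    """True for a listed domain or any subdomain of it, not look-alikes."""
    return bool(host) and any(host == d or host.endswith("." + d) for d in CAMPAIGN_DOMAINS)

class InjectedRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (line number, tag, host)
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            host = host_of(value) if (tag, name) in URL_ATTRS and value else None
            if is_campaign_host(host):
                self.hits.append((self.getpos()[0], tag, host))

def scan_html(text):
    finder = InjectedRefFinder()
    finder.feed(text)
    finder.close()
    return finder.hits

if __name__ == "__main__":
    print(*scan_html(SAMPLE_PAGE), sep="\n")
```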

Users are advised to take advantage of NoScript in order to protect themselves from this and many other Web-based threats.

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

  • RE: Over a million web sites affected in mass SQL injection attack

    You do realize the difference between "search hits" and "sites affected", right? As an extreme example, what if Google returned 1M hits but they all happened to be on example.com? What conclusion can we draw?
    forrestgump2000@...
    • RE: Over a million web sites affected in mass SQL injection attack

      @forrestgump2000@... We can likely draw the conclusion that Dancho was under the gun to post up an entry quick and made an honest mistake. It's more accurate to refer to it as "pages affected".
      ejhonda
  • RE: Over a million web sites affected in mass SQL injection attack

    Does anyone still use ASP ASP.NET?

    Apparently so.

    PS. Keep Windows and its technologies off the edge.
    Return_of_the_jedi
    • Of course

      @Return_of_the_jedi
      Because SQL injection only happens with ASP and ASP.NET.

      It's not like it could be done in any language on a poorly coded website, is it? So much for a jedi...
      crazydanr@...
    • RE: Over a million web sites affected in mass SQL injection attack

      @Return_of_the_jedi

      http://www.pcworld.com/businesscenter/article/223457/mysql_website_falls_victim_to_sql_injection_attack.html
      davidp_1978
  • Adobe strikes again

    I've had two infections on my machine in the last 12 years. Both were Adobe related. After the first one I took Adobe off my systems. The state then required you to use genuine Adobe to fill in tax forms and I got bit again. Now we load Adobe, do the tax work and uninstall Adobe.
    mswift@...
    • RE: Over a million web sites affected in mass SQL injection attack

      @mswift@... That's just a ham-fisted solution to the problem. You should just do all your tax forms in a virtual machine if you're going to be that way. :/
      ZazieLavender
      • RE: Over a million web sites affected in mass SQL injection attack

        @ZazieLavender
        How many updates would it take to get a year-old version of Adobe up to current security spec???
        mswift@...
    • RE: Over a million web sites affected in mass SQL injection attack

      @mswift@... Sounds like you're using outdated Adobe software :| , update to the current latest (10.1.X) and enable its "Protected View" setting for files from suspicious locations.
      MrElectrifyer
    • just do it on a mac

      @mswift@...
      stay away from Windows & your problem will be solved
      theo_durcan
  • Let me see if I have this right:

    For future reference, it's NotScripts, or some equivalent, on Chrome (and its variants). I stopped using Firefox a long time ago. I have been using a variant and most extensions hit a brick wall. Even if I did use a stock version, I wouldn't trust it. (Testing? WE don't need no stinking testing.)

    Only presenting one of a (long) list of options rather than one that actually helps most people is throwing people under the bus. Heck, you should have most of this boiler-plated by now. When I was a SysOp on C$, and an SA/CIO (Acting) for the Navy, I had them all on tap. Guess the web makes people stupid these days.
    Brian J. Bartlett
  • RE: Over a million web sites affected in mass SQL injection attack

    Here is a list of online SQLi scanners: http://www.insecurestuff.in/2011/10/online-sqli-scanners.html
    ankit319
  • SQLi Scanners

    Here is a list of SQLi scanners: http://www.insecurestuff.in/2011/10/online-sqli-scanners.html
    ankit319
  • Revealed: Use NoScript, and...

    ...plenty of sites don't work.
    Win8AnUglyDisaster