begood

Mass SQL injection attack compromises IIS/ASP sites

Thousands of websites and who knows how many visitors were affected by the recently discovered mass SQL injection attack that targeted - among others - The Wall Street Journal and The Jerusalem Post websites.

Sucuri Security spotted the attack on many websites and Googled the http://ww.robint.us/u.js web address to which the script was pointing, and according to the results, some 114.000 different pages contained it.

Further investigation into the matter revealed the common denominator: all sites are hosted on IIS servers and use ASP.net. By sifting through the logs and the packet dump of the attack, they also discovered that the attack was launched against a third-party ad management script.

When a user visits a compromised site, the malicious code will attempt to redirect him to a site where malware is waiting to be installed on his machine and allow the criminals behind this attack remote access to it.

Mary Landesman, security researcher with Cisco, claims that only around 7,000 pages are infected (she searched the entire script through Google, not just the web address it points to). She also points out that when it comes to larger websites, only certain pages on the websites are infected, which - she admits - might not mean much to affected users.

Mass SQL injection attack compromises IIS/ASP sites
