A massive blitz of SQL injection attacks has been unleashed against Websites based on Microsoft ASP.Net. It is reported that up to a million Web pages have been infected so far.
The attack, discovered by online security firm Armorize, seems to be related to the LizaMoon attacks last April. The certificates used are registered under the same name as those used in the previous attack. There was also an apparently unrelated attack that infected six million sites in early August.
The exploit springs from malicious JavaScript planted on ASP.Net sites that causes a visitor’s browser to load an iframe. These in-line frames allow separate HTML files from one of two remote sites to be loaded into an existing Webpage. According to Armorize, these are www3.strongdefenseiz.in and www2.safetosecurity.rr.nu. The code in the iframe uses various drive-by exploits to try to place malware on the visitor’s PC.
The primary sites targeted seem to be mainly restaurants, hospitals, and other small businesses. Initially, Armorize said that 180,000 sites had been hit but CEO Wayne Huang told the Dark Reading Website that it has detected around a million infections since the original report was issued.
It appears that not all virus detection systems will recognise the malware, but most of the biggest name products do. However, the success of the attacks once again underline the importance of regular patching to protect against these avoidable infections.
The aim of attacks of this nature is not just to cause inconvenience but to cast a wide net and identify infected sites that may have valuable data, using a search engine. These can then be given closer attention by the hackers who will use the vulnerabilities for further exploits.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…
View Comments
Hi,
Automatic injection can be stopped if we use Master page for Index page. As per analysis of, I corrected more than 50 websites, These scrips or frames can be inserted in last of page or starting of page. If these will be inserted in Index page where master page will be used then It will come after closing of contentplaceholder tag. and It will show error while access the page from browser.
Regards,
Rohit
Moderator : xpode.com