LizaMoon attacks may have waned, but code injection is still rife, with a million pages infected in a new wave
A massive blitz of SQL injection attacks has been unleashed against Websites based on Microsoft ASP.NET. It is reported that up to a million Web pages have been infected so far.
The attack, discovered by online security firm Armorize, seems to be related to the LizaMoon attacks last April. The certificates used are registered under the same name as those used in the previous attack. There was also an apparently unrelated attack that infected six million sites in early August.
The exploits, which run as soon as an infected page is displayed, are all previously known, so they will only succeed if the browser is an older version that has not been patched. The attack will also use weaknesses in older versions of Adobe Flash and Reader or in Java.
The sites targeted seem to be mainly those of restaurants, hospitals, and other small businesses. Initially, Armorize said that 180,000 sites had been hit, but CEO Wayne Huang told the Dark Reading Website that the company has detected around a million infections since the original report was issued.
It appears that not all virus detection systems will recognise the malware, but most of the biggest-name products do. However, the success of the attacks once again underlines the importance of regular patching to protect against these avoidable infections.
The aim of attacks of this nature is not just to cause inconvenience but to cast a wide net and then use a search engine to identify infected sites that may have valuable data. The hackers can then give these sites closer attention, using the vulnerabilities for further exploits.