A massive blitz of SQL injection attacks has been unleashed against Websites based on Microsoft ASP.Net. It is reported that up to a million Web pages have been infected so far.
The attack, discovered by online security firm Armorize, seems to be related to the LizaMoon attacks last April. The certificates used are registered under the same name as those used in the previous attack. There was also an apparently unrelated attack that infected six million sites in early August.
The exploit springs from malicious JavaScript planted on ASP.Net sites that causes a visitor’s browser to load an iframe. These in-line frames allow separate HTML files from one of two remote sites to be loaded into an existing Webpage. According to Armorize, these are www3.strongdefenseiz.in and www2.safetosecurity.rr.nu. The code in the iframe uses various drive-by exploits to try to place malware on the visitor’s PC.
The primary sites targeted seem to be mainly restaurants, hospitals, and other small businesses. Initially, Armorize said that 180,000 sites had been hit but CEO Wayne Huang told the Dark Reading Website that it has detected around a million infections since the original report was issued.
It appears that not all virus detection systems will recognise the malware, but most of the biggest name products do. However, the success of the attacks once again underline the importance of regular patching to protect against these avoidable infections.
The aim of attacks of this nature is not just to cause inconvenience but to cast a wide net and identify infected sites that may have valuable data, using a search engine. These can then be given closer attention by the hackers who will use the vulnerabilities for further exploits.
Good news for creditors. CEO John Ray III says bankrupt crypto exchange FTX will be…
Chip giants Intel and Qualcomm complain of sales impact after United States revokes some of…
Using the Digital Services Act, European Commission asks X (formerly Twitter) for details over reduction…
Payroll records of nearly all members of the UK's armed forces have been exposed, reportedly…
Updates arrive for two iPad models (iPad Air and iPad Pro) as well as some…
US government sued by TikTok in bid to block law that will force sale of…
View Comments
Hi,
Automatic injection can be stopped if we use Master page for Index page. As per analysis of, I corrected more than 50 websites, These scrips or frames can be inserted in last of page or starting of page. If these will be inserted in Index page where master page will be used then It will come after closing of contentplaceholder tag. and It will show error while access the page from browser.
Regards,
Rohit
Moderator : xpode.com