ASP.NET attacks hit more than a million

Malware campaign linked to LizaMoon.

A malware campaign targeting visitors to outdated websites has infected more than a million in less than a week.

The attacks exploited vulnerabilities in older versions of Java and Adobe Flash to hijack visitors' computers, turning them into bots.

As of last Wednesday, the campaign had infected about 200,000 websites, according to security researchers quoting Google search results.

A similar search for evidence of the JavaScript attack yielded more than 1.1 million results today.

The attacks involve an SQL injection where malicious code is woven into websites -- mostly those running Microsoft ASP.NET, with patching or configuration vulnerabilities.

Vulnerable sites are typically those owned by universities, schools, associations and small businesses.

The code redirects visitors to websites such as jjghui.com/urchin.js, where they are infected with different malicious payloads.
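A defender-side check for the injection described above, as an added example that is not from the article or any vendor it names: it scans stored content fields for external script tags and flags any host outside an allowlist. Only jjghui.com comes from the article; the allowlist, table names and sample rows are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Host taken from the article; match on host, not file name, because
# urchin.js is also the name of Google's legacy analytics script.
KNOWN_BAD_HOSTS = {"jjghui.com"}
# Assumption: hosts this (hypothetical) site legitimately loads scripts from.
ALLOWED_HOSTS = {"www.example.edu", "www.google-analytics.com"}

# Captures the src value of a script tag, quoted or unquoted, any case.
SCRIPT_SRC = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)


def script_hosts(html):
    """Return the host of every external <script src=...> found in html."""
    hosts = []
    for src in SCRIPT_SRC.findall(html):
        host = urlparse(src).hostname  # None for relative paths
        if host:
            hosts.append(host)
    return hosts


def audit(rows):
    """rows: (table, row_id, text) tuples. Return script hosts needing review."""
    findings = []
    for table, row_id, text in rows:
        for host in script_hosts(text):
            if host in ALLOWED_HOSTS:
                continue
            verdict = "known-bad" if host in KNOWN_BAD_HOSTS else "unexpected"
            findings.append((table, row_id, host, verdict))
    return findings


# Constructed sample rows standing in for text columns of a site database.
SAMPLE_ROWS = [
    ("news", 1, "<p>Enrolments open</p>"),
    ("news", 2, "Open day<script src=http://jjghui.com/urchin.js></script>"),
    ("pages", 7, '<script src="/js/site.js"></script>'),
    ("pages", 8, '<SCRIPT SRC="//cdn.unknown.example/w.js"></SCRIPT>'),
    ("pages", 9, '<script src="http://www.google-analytics.com/urchin.js"></script>'),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding)
```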

Those malicious websites are registered under the bogus name “James Northone”, which is the same fake identity used in the LizaMoon attacks in April.

LizaMoon attacks similarly infected some 1.5 million vulnerable websites with malicious code that redirected visitors to black hat sites which then distributed malicious payloads.

In both attacks, Australian websites have largely escaped infection.

Armorize chief executive officer Wayne Huang said as of last week, six out of 43 prominent anti-virus vendors had detected the attacks according to tests run against VirusBulletin.

Security vendor Sucuri pointed users to http://sitecheck.sucuri.net to check for vulnerable SQL bugs.

Copyright © SC Magazine, Australia
