ASP.NET attacks hit more than a million

A malware campaign targeting visitors to outdated websites has infected more than a million in less than a week.

The attacks exploited vulnerabilities in older versions of Java and Adobe Flash to hijack visitors' computers, turning them into bots.

As of last Wednesday, the campaign had infected about 200,000 web sites, according to security researchers quoting Google search results.

A similar search for evidence of the javascript attack yielded more than 1.1 million results today.

The attacks involve an SQL injection where malicious code is woven into websites -- mostly those running Microsoft ASP.NET, with patching or configuration vulnerabilities.

Vulnerable sites are typically those owned by universities, schools, associations and small businesses.

The code redirects visitors to websites such as jjghui.com/urchin.js, where they are infected with different malicious payloads.

Those malicious websites are registered under the bogus name “James Northone” which is the same fake identity used in the LizaMoon attacks in April.

LizaMoon attacks similarly infected some 1.5 million vulnerable websites with malicious code that redirected visitors to black hat sites which then distributed malicious payloads.

In both attacks, Australian websites have largely escaped infection.

Armorize chief executive officer Wayne Huang said as of last week, six out of 43 prominent anti-virus vendors had detected the attacks according to tests run against VirusBulletin.

Security vendor Sucuri pointed users to http://sitecheck.sucuri.net to check for vulnerable SQL bugs.

Copyright © SC Magazine, Australia