10K+ Websites Infected In Ongoing Mass SQL Injection Attack

10K+ Websites Infected In Ongoing Mass SQL Injection Attack
Security experts of Webroot has confirmed that another mass SQL-Injection attack is currently underway. According to the blog post of Webroot "Hundreds of thousands of legitimate web sites are currently affected in a a mass SQL injection attack that has been ongoing for the past several months. The ongoing mass SQL injection attacks, are directly related to last year’s scareware-serving Lizamoon mass SQL injection attacks. The cyber criminals behind it, are automatically exploiting the legitimate web sites, and embedding a tiny script on the affected pages, abusing an input validation flaw, or exploiting vulnerable and outdated versions of the web application software running on them."
The campaign is currently consisting of 5 SQL injected domains parked on a single IP hosted within the Russian Federation. Parked at 91.226.78.148 (AS56697, LISIK-AS OOO “Byuro Remontov “FAST”) are the following domains participating in the mass SQL injection attack:
hjfghj.com/r.php – According to Google, 323,000 sites are affected
fgthyj.com/r.php – According to Google, 390,000 sites are affected
gbfhju.com/r.php – According to Google, 74,200 sites are affected
statsmy.com/ur.php – According to Google, 3,080,000 sites are affected
stmyst.com/ur.php – According to Google, 1,320,000 sites are affected

All of these domains have been registered by the same cybercriminal/gang, using identical WHOIS records:
JamesNorthone
James Northone jamesnorthone@hotmailbox.com
+1.5168222749 fax: +1.5168222749
128 Lynn Court
Plainview NY 11803
US

Thankfully, all of these domains are currently returning a “404 Not Found” error message, with the cybercriminals behind the campaign, attempting to cover their tracks. Earlier in 2011 we have also seen such scenario when 614,000 webpages comromised with mass ASP.NET Infection, also Willysy malware Infects More than 6 Million WebSitesLilupophilupop Attack took 1 Million+ Web-pages and so on. Even in last month we have seen more than 200,000 websites get compromised with fake anti-virus exploit. There is no ready made solution for such attacks or vulnerabilities because we all know that "Security is an Illusion", but still the site Admin & webmasters should became more conscious and try to avoid silly programming mistakes, should keep their systems up-to-date and use antivirus software. 



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Categories: ,

0 comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...