Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Massive SQL injection attack compromises 180,000 ASP.Net sites

Only a few of the most popular antivirus vendors can detect the malware

Article comments

Hackers are in the midst of a massively successful SQL injection attack targeting websites built on Microsoft's ASP.Net platform. About 180,000 pages have been affected so far, security researchers say.

Attackers have planted malicious JavaScript on ASP.Net sites that causes the browser to load an iframe with one of two remote sites: www3.strongdefenseiz.in and www2.safetosecurity.rr.nu, according to security researchers at Armorize who discovered the attack. From there, the iframe attempts to plant malware on the visitor's PC via a number of browser drive-by exploits.

Only a few antivirus vendors can spot it

A drive-by exploit will load malware without a visitor's knowledge or participation (no need to open a file or click on a link). Fortunately, the attackers are using known exploits, with patches available, so the attack can only be successful if a visitor is using an outdated, unpatched browser without the latest version of Adobe PDF or Adobe Flash or Java.

Unfortunately, Armorize says that only a few of the most popular antivirus vendors can detect the dropped malware, according to the Virustotal web site. Virtustotal is a security monitoring service offered by Hispasec Sistemas that analyzes suspicious files and URLs. At this time, it says that six antivirus packages out of the 43 it monitors can detect this latest SQL injection attack. These are AntiVir, ByteHero, Fortinet, Jiangmin, McAfee and McAfee-GW-Edition.

Malware hosted across continents

The attack is targeting users whose default browser language is English, French, German, Italian, Polish or Breton. One of the sites accessed via the iframe is in Russia, the other is in the United States and is hosted by HostForWeb.com, Armorize says. Some of the planted malware accesses a site hosted in the United States, too.

Microsoft has been offering ASP.Net programmers information on how to protect against SQL injection attacks since at least 2005. In an article on MSDN that discusses preventing SQL injection attacks with SQL Server 2008 R2, Microsoft says, "Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker."

Companies running ASP.Net websites should validate that they have not become unwitting hosts of this latest attack.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *