I have been tracking the Nikjju SQL Injection attack, an ongoing mass SQL injection attack, today i found another malicious domain that has been used in this attack. The domain 'skdjui.com' is registered yesterday only(May 8,2012).
There is nothing surprise about Registrant details. Yes, it has same registrant details ,registered with same mail id 'jamesnorthone[at]hotmailbox.com'.
Exploiting the vulnerability in websites and injecting malicious scripts is not new one. Last year hackers inject malicious iFrame in lot of sites , researchers dubbed the attack as 'Lizamoon'.
The list of Malicious domains:
Uhjiku domain created on May 5 and skdjui created on May 8, hackers took only 3 days for creating another domain.
If you visit the compromised sites , the site will redirect you to malware distributing domain.
There is nothing surprise about Registrant details. Yes, it has same registrant details ,registered with same mail id 'jamesnorthone[at]hotmailbox.com'.
Exploiting the vulnerability in websites and injecting malicious scripts is not new one. Last year hackers inject malicious iFrame in lot of sites , researchers dubbed the attack as 'Lizamoon'.
The list of Malicious domains:
- Nikjju.com
- hgbyju.com
- hnjhkm.com
- njukol.com
- Uhjiku.com
- Uhijku.com
- skdjui.com
Uhjiku domain created on May 5 and skdjui created on May 8, hackers took only 3 days for creating another domain.
If you visit the compromised sites , the site will redirect you to malware distributing domain.
