Thousands of Websites Hit by Ongoing Mass SQL Injection Attack

It appears that the cybercriminals behind the 2011 Lizamoon mass SQL injection attack are at it again.

Security researchers at Webroot warn that another massive SQL injection attack is currently underway and that hundreds of thousands of websites have already been injected with a malicious script pointing towards one of the following domains:

  • hjfghj.com/r.php (~84,900 sites infected)
  • fgthyj.com/r.php (~205,000 sites infected)
  • gbfhju.com/r.php (~68,200 sites infected)
  • statsmy.com/ur.php (~930,000 sites infected)
  • stmyst.com/ur.php (~236,000 sites infected)

All of the domains are parked at 91.226.78.148, which is hosted within the Russian Federation, and are registered using the same information as other domains used in previous SQL injection attacks, including the Lizamoon mass SQL injection attack last year:

JamesNorthone
James Northone jamesnorthone@hotmailbox.com
+1.5168222749 fax: +1.5168222749
128 Lynn Court
Plainview NY 11803
us

Webroot analysts suspect that the cybercrooks are already beginning to cover their tracks, though, as the domains listed above are currently returning a “404 Not Found” error message. However, given the amount of activity witnessed from this group within the last year, it’s only a matter of time before they launch their next attack.

To avoid being affected by mass SQL injection attacks like these, users should keep their systems up-to-date and use antivirus software. Past mass SQL injection attacks by this particular group were focused on spreading scareware (fake antivirus software), so be cautious of “security alerts” that do not follow the typical behavior and/or appearance of your legitimate antivirus program.

Site owners can reduce the chance of their site being hacked by using strong FTP credentials and checking for website vulnerabilities (such as outdated CMS software, plug-ins, etc.).
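
A site owner can also check stored content for this injection by looking for script tags whose source host is one of the domains listed above. The Python sketch below is an added example, not code from Webroot or the original post; the sample rows and their location labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in the article above.
INJECTED_HOSTS = {"hjfghj.com", "fgthyj.com", "gbfhju.com", "statsmy.com", "stmyst.com"}

class ScriptSrcCollector(HTMLParser):
    """Collects the src of every <script> tag; tolerant of broken markup."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <SCRIPT SRC=...> matches.
        if tag == "script":
            self.sources += [v.strip() for k, v in attrs if k == "src" and v]

def host_of(src):
    """Lowercased host of a script URL; '' for relative paths or unparsable values."""
    try:
        return (urlsplit(src).hostname or "").rstrip(".")
    except ValueError:
        return ""

def find_injected_scripts(html):
    """Return (src, host) for script tags served from a listed domain or its subdomain."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    parser.close()
    hits = []
    for src in parser.sources:
        host = host_of(src)
        if any(host == d or host.endswith("." + d) for d in INJECTED_HOSTS):
            hits.append((src, host))
    return hits

# Constructed sample: text fields as they might look in a database export.
SAMPLE_ROWS = {
    "products.title[17]": "Blue widget</title><script src=http://hjfghj.com/r.php></script>",
    "pages.body[3]": '<p>About us</p><SCRIPT SRC="//www.StatsMy.com/ur.php"></SCRIPT>',
    "pages.body[4]": '<script src="/js/statsmy.com.js"></script>'
                     '<script src="https://notstatsmy.com/a.js"></script>',
}

def scan(rows):
    """Map each location to its hits, omitting clean rows."""
    return {loc: hits for loc, text in rows.items() if (hits := find_injected_scripts(text))}

if __name__ == "__main__":
    for loc, hits in scan(SAMPLE_ROWS).items():
        print(loc, hits)
```

Matching on the parsed host rather than a substring keeps look-alike names and local file paths that merely contain a listed domain from being flagged.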


© 2014 Hyphenet, Inc.