ASP.NET Assaults Strike Over 1m Websites

Google discloses a bulk contamination spree that disrupted innumerable websites using malware, which attacked ASP.NET or ASP Web-application protocols, published Softpedia dated October 13, 2011.

Essentially, more than 600,000 websites were affected when an SQL-insertion assault targeted ASP.NET sites. And during the period when Armorize publicized this finding, merely 6 security firms from a total of 43 managed to identify the malicious program.

Apparently, the contamination involves a code insertion inside online sites that hospitals, restaurants along with other small-sized companies operate as well as implanting of a web-link, that's invisible, into users' web-browsers that lead onto sites like nbnjkl.com as well as jjghui.com.

These sites too then divert onto many other sites like www2.safetosecurity.rr.nu and www3.strongdefenseiz.in, which have concealed malware for abusing known security flaws within Java, Flash or PDF of Adobe.

Disturbingly, internauts having expired components in browsers become immediately contaminated whilst they access any from among the hijacked websites. This is devoid of even their perception of the cause of the attack as also despite the drive-by assault apparently hitting just those Internet sites that rely on the aforesaid protocols.

The hijacked websites are falsely named "James Northone" during registration that's the identical bogus name utilized during the LizaMoon assaults of April 2011.

Specifically according to Securi a security firm, the registration details related to the URLs utilized within the assault in question exactly represent those utilized for the previous LizaMoon URLs. Consequently, LizaMoon assaults' impact on about 1.5m weakened websites was the same when malware on those websites diverted visitors onto BHSEO-poisoned sites that served malicious payloads.

Luckily, Australian websites mainly remained free from infection during both assaults.

Meanwhile, security specialists say that for resident Internet operators, who've safeguard measures installed, should remain secured since when some anti-virus agencies become aware of a malware, others will closely follow as well as fast blacklist the malware learnt as causing destruction.

But, incase end-users haven't still completed the installations, they must speedily make their browsers up-to-date along with Java and Adobe Flash, since often, attackers exploit the flaws within the previous editions for delivering such several drive-by threats related to browsers.

Related article: ACP/ BOA Provide Tips to U.S. Taxpayers

» SPAMfighter News - 10/26/2011