Threat Level: yellow Handler on Duty: Russ McRee

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Continued interest in Nikjju mass SQL injection campaign

Published: 2012-04-23
Last Updated: 2012-04-24 00:17:18 UTC
by Russ McRee (Version: 1)
2 comment(s)

Readers continue to write in conveying updates from sources regarding the Nikjju mass SQL injection campaign. Like the Lilupophilupop campaign from December, ASP/ASP.net sites are target and scripts inserted.

Be wary of <script src= hxxp://nikjju.com/r.php ></script> or <script src = hxxp://hgbyju.com/r.php <</script> and the resulting fake/rogue AV campaigns they subject victims to.

Infected site count estimations vary wildly but a quick search of the above strings will give you insight. Handler Mark H continues to track this one and indicates that the MO is similar to the lihupophilupop campaign but that they're trying some interesting things this round. We'll report if anything groundbreaking surfaces.

As always if you have logs to share send them our way via the contact form or any comment with any insight you want to share with readers.

Russ McRee | @holisticinfosec

 

 

Keywords:
2 comment(s)
Diary Archives