Mass SQL injection attack affected millions of ASP.net websites{Comments Off on Mass SQL injection attack affected millions of ASP.net websites}


by Boshi W
A recent article on Hacker News informed that a global attack done using SQL injection affected millions of outdated websites without the latest version of adobe PDF, Flash, or Java. Attackers planted malicious JavaScript on ASP.net sites causes the browser to load an iframe with one of the two remote sites: www3.strongdefensiez.in and www2.safetosecurity.rr.nu. From there, the iframe attempts to plant an malware on visitor’s PC Via a number of browser exploits without the visitor’s knowledge or participation. Fortunately, this browser exploit can be patched by browser updates so users with updated browser should not have issues with the exploit. However, it was researched that most of the antivirus softwares today cannot detect the malware and only a few even aware of it. By far, the most affected software is NoScript from firefox which prevents any scripts from running without the user’s permission.

A drive-by exploit such as this can be the main factor that the malware exists in the first place. Browser programmers should test every aspect of the software and constantly update them to prevent future attacks such as this. Exploits like these give hackers the opportunity they need to do harm as a massive scale.

THN Reporter. “Million ASP.Net Web Sites Affected with Mass SQL Injection Attack ~ The Hacker News | Hacking News | Learn Ethical Hacking Training.” The Hacker News | Hacking News | Learn Ethical Hacking Training. The Hacker News, 19 Oct. 2011. Web. 13 Nov. 2011. .