We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Massive SQL injection attack has comprised nearly 200,000 ASP.Net sites

Hackers are in the midst of a massively successful SQL injection attack targeting websites built on Microsoft's ASP.Net platform. About 180,000 pages have been affected so far, security researchers say.

Attackers have planted malicious JavaScript on ASP.Net sites that causes the browser to load an iframe with one of two remote sites: www3.strongdefenseiz.in and www2.safetosecurity.rr.nu, according to security researchers at Armorize who discovered the attack. From there, the iframe attempts to plant malware on the visitor's PC via a number of browser drive-by exploits.

BACKGROUND: DDOS and SQL injections are hottest topics on hacking forums 

SECURITY QUIZ: How well do you know the insider threat? 

A drive-by exploit will load malware without a visitor's knowledge or participation (no need to open a file or click on a link). Fortunately, the attackers are using known exploits, with patches available, so the attack can only be successful if a visitor is using an outdated, unpatched browser without the latest version of Adobe PDF or Adobe Flash or Java.

Unfortunately, Armorize says that only a few of the most popular antivirus vendors can detect the dropped malware, according to the Virustotal web site. Virtustotal is a security monitoring service offered by Hispasec Sistemas that analyzes suspicious files and URLs. At this time, it says that six antivirus packages out of the 43 it monitors can detect this latest SQL injection attack. These are AntiVir, ByteHero, Fortinet, Jiangmin, McAfee and McAfee-GW-Edition.

The attack is targeting users whose default browser language is English, French, German, Italian, Polish or Breton. One of the sites accessed via the iframe is in Russia, the other is in the United States and is hosted by HostForWeb.com, Armorize says. Some of the planted malware accesses a site hosted in the United States, too.

Microsoft has been offering ASP.Net programmers information on how to protect against SQL injection attacks since at least 2005. In an article on MSDN that discusses preventing SQL injection attacks with SQL Server 2008 R2, Microsoft says, "Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker."

Companies running ASP.Net websites should validate that they have not become unwitting hosts of this latest attack.


Julie Bort is the editor of Network World's Microsoft Subnet and Open Source Subnet communities. She writes the Microsoft Update and Source Seeker blogs. Follow Bort on Twitter @Julie188.

Read more about wide area network in Network World's Wide Area Network section.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

Apple's 2014 highlights: the most significant Apple news of 2014

IDG UK Sites

2015 creative trends: 20 leading designers & artists reveal the biggest influences & changes coming)......

IDG UK Sites

Ultimate iOS 8 Tips: 35 awesome and advanced tips for using iOS 8 on iPhone and iPad