i2 Security Blog

Keeping you upto date on the world of IT Security

i2 Security Blog - Keeping you upto date on the world of IT Security

Mass attack on websites running ASP.NET

Research has highlighted a mass attack on web servers running ASP.NET, the infection redirects users to site’s running old versions of Oracle’s JAVA, Adobe’s Flash and various browsers.  The attack was disclosed by security firm Armorize on Wednesday.

The initial attack is showing around 1.15 million infected pages and the follow on exploit around 17500 pages, figures shown are from Google searches.

The infection injects code into ASP.NET websites and plants an invisible link in to visitors’ browsers to sites including jjghui.com and nbnjkl.com, which in turn redirect to a number of other sites which include obfuscated code.  The sites use a number of attacks that exploit well known vulnerabilities in JAVA, Flash etc.  Computers running unpatched versions are then used by the attackers.

Armorize researchers submitted the attack code lastweek and at the time only six of the top 43 antivirus vendors detected the attack, hopefully this figure has drastically increased since then.

Another firm, Securi, has released a scanner that can detect if your site is infected, click here

If your site is compromised you must remove the infection from your database and audit ALL code to remove SQL Injection issues.