Security Alerts

Security Warning:  Mass SQL Injection Attack Targets ASP.NET Sites
10/24/2010

Hackers have successfully planted malicious JavaScript on about 180,000 web pages that are built on the Microsoft ASP.NET platform.  The malicious script uses a so-called "drive-by download" that requires no user action (no need to open a file or click on a link) other than visiting a webpage that has been injected.  Web sites that you know and trust might have been affected.  The attacks take advantage of poorly configured or secured Web servers and then use those compromised pages as jumping-off points for second-phase attacks against visitors to the sites.

As of this writing, only a few of the most popular antivirus vendors can detect the dropped malware.

Threat Level

Warning:  Websites compromised.

(A "warning" alert is for a situation that is currently occurring, or for which conditions are right for it to occur soon.)

Severity:  High. Drive-by download with no user action required.

How Are Systems Compromised?

The script causes browsers to load an iframe pointing to the phase two web site, www3.strongdefenseiz.in (75.102.21.121) or www2.safetosecurity.rr.nu (65.98.83.115).  The iframe then attempts to plant malicious software on the visitor's PC via various drive-by exploits that require no user interaction and run without the user's knowledge.  The drive-by attacks use known exploits for which patches are available.

The malicious script is programmed to update the list of sites hosting the phase two website.  We suspect that there are other malicious web sites:

  • www3.bestyud-master.rr.nu
  • www3.simplellantivir.rr.nu
  • www3.thebest-peguard.rr.nu
  • www3.strongdefenseiz.in
  • www3.strongazsuite.in
  • nbnjki.com

The account used to host the updating list has been blocked, so the authors can no longer update the list of hosts for the second phase of the attack.
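
An added example, not part of the original alert or any ITPS tooling: one way to check web proxy logs for clients that reached the phase two hosts and IP addresses listed above. The log line format, the function names, and the rule that treats the leading wwwN label as interchangeable are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Phase two hosts and IPs exactly as listed in this alert.
ALERT_HOSTS = [
    "www3.strongdefenseiz.in", "www2.safetosecurity.rr.nu",
    "www3.bestyud-master.rr.nu", "www3.simplellantivir.rr.nu",
    "www3.thebest-peguard.rr.nu", "www3.strongazsuite.in", "nbnjki.com",
]
ALERT_IPS = {"75.102.21.121", "65.98.83.115"}
# Assumption: the leading wwwN label rotates (the alert shows www2 and www3),
# so match on each name with that label removed.
BASES = {re.sub(r"^www\d*\.", "", h) for h in ALERT_HOSTS}

def host_of(target):
    """Normalized host from a URL or a CONNECT-style host:port target."""
    if "://" not in target:
        target = "//" + target           # lets urlsplit parse host:port
    try:
        host = urlsplit(target).hostname or ""
    except ValueError:                   # e.g. malformed bracketed address
        return ""
    return host.rstrip(".").lower()      # drop trailing root dot, fold case

def is_phase_two(host):
    """True for a listed IP, a listed name, or any subdomain of one."""
    return host in ALERT_IPS or any(
        host == b or host.endswith("." + b) for b in BASES)

def find_hits(log_lines):
    """Return (client_ip, host) for each request to a phase two site."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue                     # skip blank or malformed lines
        host = host_of(fields[3])
        if is_phase_two(host):
            hits.append((fields[1], host))
    return hits

# Constructed sample lines (not real traffic), in the assumed format:
# <time> <client_ip> <method> <target> <status>
SAMPLE_LOG = [
    "09:14:02 10.0.0.21 GET http://www.example.org/ 200",
    "09:14:03 10.0.0.21 GET http://WWW3.StrongDefenseIZ.in/x 200",
    "09:15:40 10.0.0.34 GET http://75.102.21.121/ 200",
    "09:16:11 10.0.0.34 CONNECT www2.safetosecurity.rr.nu.:443 200",
    "09:17:00 10.0.0.50 GET http://notnbnjki.com/ 200",
    "truncated line",
]
```

Each client returned by `find_hits(SAMPLE_LOG)` is a PC that loaded a phase two site and should be checked for missing patches and dropped malware.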

Managed Care Customers Protected

IT Professional Services has blocked access to the second phase web sites in the web content filters for all systems under Managed Care.

How Do I Protect My Computer?

Since the malicious web sites are attempting to exploit vulnerabilities for which there are patches available, make sure that your computers have up-to-date patches installed, especially for Java and Adobe Reader.  Note that those patches are not installed by Microsoft Update and require some other method to install.  Note also that if you are following the best practice of not running as a local administrator, automatic updating of Java and Adobe Reader might not happen until you log on to your PC as an administrator.  So, log on as an administrator and make sure that all patches are installed.  You can verify that your computer has no known vulnerabilities by running a free scan using the Secunia Online Software Inspector (OSI).

More Information

News

http://www.networkworld.com/news/2011/101911-sql-injection-attack-252188.html

http://threatpost.com/en_us/blogs/mass-injection-attack-targets-aspnet-sites-101911

Professional Services

If you need assistance installing protection from this vulnerability or a security assessment, IT Professional Services can help. Call our help desk.

If you do not have network edge protection that can do web content filtering, ITPS has a Unified Threat Management (UTM) gateway service that can provide that protection.  To schedule a free 30-day trial of the UTM gateway, contact us.

Find out more about our Managed Care service.

To find out how vulnerable your network is, schedule a free network security analysis today.

We at IT Professional Services (ITPS) hope that the information in this bulletin is valuable to you. ITPS believes the information provided herein is reliable. While care has been taken to ensure accuracy, your use of the information contained in this bulletin is at your sole risk. All information in this bulletin is provided "as-is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the bulletin are authored, recommended, supported or guaranteed by ITPS. ITPS shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

© 2009-2013 IT Professional Services All rights are reserved.  (805) 650-6030