ASP.NET attacks infect more than a million

A million people have been infected in less than a week after a malware campaign targeted visitors to outdated websites.

The attacks exploited vulnerabilities in older versions of Java and Adobe Flash to hijack visitors' computers; as of last Wednesday, the campaign had infected about 200,000 websites, according to security researchers quoting Google search results. A similar search for evidence of the Javascript attack yielded more than 1.1 million results today.

The attacks involve an SQL injection where malicious code is woven into websites – mostly those running Microsoft ASP.NET, with patching or configuration vulnerabilities.

Vulnerable sites are typically those owned by universities, schools, associations and small businesses.

The code redirects visitors to websites where they are infected with varying malicious payloads. Those malicious websites are registered under the bogus name 'James Northone', which is the same fake identity used in the LizaMoon attacks in April.

LizaMoon attacks similarly infected some 1.5 million vulnerable websites with malicious code that redirected visitors to black-hat sites, which then distributed malicious payloads.

Armorize chief executive officer Wayne Huang said that as of last week, six out of 43 prominent anti-virus vendors had detected the attacks, according to tests run against VirusBulletin.

Security vendor Sucuri pointed users to http://sitecheck.sucuri.net to check for vulnerable SQL bugs.

Sign up to our newsletters