Huge ASP.NET Attacks Reaching Far Across The Web

For anyone who heard about the massive Liza Moon bug earlier this year, this is a similar mass SQL injection attack.

So far, well over a million websites have been affected in some way by this. These are mainly sites that are associated with schools, universities, small businesses, and hospitals i.e. the types of organizations that probably wouldn’t spend thousands of dollars a year on advanced Internet security measures. Most of these were sites built using ASP.NET, and they were compromised by code being inserted by the bug. The code inserts an invisible link on the page that takes users to unsafe sites, which apparently divert to other sites as well. Apparently, all of the rogue sites are registered under the name “James Northone,” which is the same false name that was used during the aforementioned Liza Moon attack.

Surprisingly, only six out of forty three big web-security firms have actually been able to identify the virus, which is not good for the people that regularly visit the types of websites that would get infected. Experts have suggested that users keep all of the anti-virus and web related (Javascript, Flash, etc.) completely up to date because hackers often exploit weaknesses in previous under-supported versions of software.

Qushawn Clark
About Qushawn Clark
Qushawn is a staff writer for the iEntry Network

Leave a Reply

Your email address will not be published. Required fields are marked *