Another mass SQL injection assault, similar to the “Liza Moon” attacks from earlier this year, is impacting more than a million websites.
The attacks exploited vulnerabilities in older versions of Java and Adobe Flash to hijack visitors’ computers, turning them into bots.
As of last Wednesday, the campaign had infected about 200,000 websites, according to security researchers at Armorize.
The attacks use SQL injection to weave malicious code into websites, mostly sites running Microsoft ASP.NET that have patching or configuration vulnerabilities.
Vulnerable sites typically have been those owned by universities, schools, associations and small businesses.
The malicious code in the attacks redirects visitors to rogue websites, where they are infected with varying payloads.
Those malicious sites are registered under the bogus name “James Northone,” which is the same fake identity used in the Liza Moon attacks in April.
The Liza Moon attacks similarly infected some 1.5 million vulnerable websites with malicious code that redirected visitors to black-hat sites, which then distributed malicious payloads.
Armorize CEO Wayne Huang said that as of last week, six out of 43 prominent anti-virus vendors had detected the attacks, according to tests run against Virus Bulletin.
Security vendor Sucuri pointed users to http://sitecheck.sucuri.net to check whether they are vulnerable to the attacks.