Malware, Network Security, Threat Management, Vulnerability Management

ASP.NET attacks growing in reach


Another mass SQL injection assault, similar to "Liza Moon" attacks from earlier this year, is impacting more than a million websites.

The attacks exploited vulnerabilities in older versions of Java and Adobe Flash to hijack visitors' computers, turning them into bots.

As of last Wednesday, the campaign had infected about 200,000 websites, according to security researchers at Armorize. 

A similar search for evidence of the JavaScript attack yielded more than 1.1 million results on Monday.

The attacks involve an SQL injection where malicious code is woven into websites, mostly those running Microsoft ASP.NET with patching or configuration vulnerabilities.

Vulnerable sites typically have been those owned by universities, schools, associations and small businesses.

The malicious code in the attacks redirects visitors to rogue websites, where they are infected with varying payloads.

Those malicious sites are registered under the bogus name “James Northone,” which is the same fake identity used in the Liza Moon attacks in April.

Liza Moon attacks similarly infected some 1.5 million vulnerable websites with malicious code that redirected visitors to black-hat sites, which then distributed malicious payloads.

Armorize CEO Wayne Huang said that as of last week, six out of 43 prominent anti-virus vendors had detected the attacks, according to tests run against Virus Bulletin.

Security vendor Sucuri pointed users to to check for their vulnerability to the attacks.

This article originally appeared at

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.