Nikjju Injection Compromises More Than 180,000 Pages !

Effect - Hackers have compromised above 180,000 pages by this new SQL injection vulnerability against ASP sites and the number is growing very fast.

The effect is also seen on blogger users as their ‘’Traffic sources’’ area shows traffic from the infected links.

Script Used- The script used in the process :

What it does - The script redirects the users to a Fake AVs  like best-antivirus…something. Or http://www4.savegco-antivir.com ….

Protection - You can check if your site has been infected or not ,go here http://sitecheck.sucuri.net/scanner/

And scan your website.

Information on Nikkju- It has been found that domain named nikjju.com was registered on 1^st April and attack most probably began after 4^thapril.

Some government sites affected by it :

jnd.xmchengdu.gov.cn

study.dyny.gov.cn

www.cnll.gov.cn

www.bj.hzjcy.gov.cn

www.mirpurkhas.gov.pk

www.tdnyw.gov.cn

gcjs.kaifeng.gov.cn

Till now no way has been found to prevent this Mass attack though google and other authorities are working on it.

The amount of pages it is effecting is increasing at a very rapid rate.

Precaution - Do not open untrusted links and the links starting from ''antivir...something or www.savegro-antivir.com...".

Author:


Shikhil Sharma is the newest RHA member. If you would like to contribute to RHA, Kindly email rafayhackingarticles@gmaill.com.