Asprox - definitely a new round of sql-injections
There is definitely a new round of sql-injections happening.
The three main domains hosted on the Asprox botnet that are being used are wmpd.ru, mtno.ru and nvepe.ru.
The two .kz domains, dft6s.kz and bnmd.kz are not being directly used for the attacks (so far).
The domains do hold the style.js file.
See also previous post a couple of days ago ("Asprox - back on track")
Last Friday evening, via search engines, I found around hundred domains/pages that were infected.
Now there are probably thousands.
Search result from yahoo
MSN results
Google search result
The old .js files are still hanging in there: add.js, b.js, fgg.js, ngg.js, script.js (and probably more, I have forgotten the names).
But it is the new style.js file that is being used in the injections.
Maybe more later.
Similar
Syndicate
Recent comments
40 weeks 5 days ago
41 weeks 1 day ago
41 weeks 5 days ago
41 weeks 5 days ago
43 weeks 16 hours ago
1 year 21 weeks ago
1 year 21 weeks ago
1 year 24 weeks ago
1 year 24 weeks ago
1 year 25 weeks ago