Security researchers from the Internet Storm Center (ISC) have identified an ongoing mass SQL injection attack. It was discovered in December 2011, when only 80 pages were found to be infected, but the count has now grown to more than 1 million. The attack was named lilupophilupop because it redirected users to a domain with that name.
The attackers compromise sites via SQL injection with this string: ">. It appears to have hit sites worldwide, with the most infections in the Netherlands ("NL") domain, with 123,000, and it includes some .com and .org sites as well.
Here is a rough idea of where the pages are:
- UK - 56,300
- NL - 123,000
- DE - 49,700
- FR - 68,100
- DK - 31,000
- CN - 505
- CA - 16,600
- COM - 30,500
- RU - 32,000
- JP - 23,200
- ORG - 2,690
If you want to find out whether you have a problem, search Google for "<script src="http://lilupophilupop.com/" and use the site: parameter to narrow the results to your domain.
Mr Mark Hofman of ISC said “Typically it is inserted into several tables. From the information gathered so far it looks targeted at ASP, IIS and MSSQL backends, but that is just speculation. If you find that you have been infected please let us know and if you can share packets, logs please upload them on the contact form.”
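Because the script is typically inserted into several tables, the same check can be run directly against exported database rows instead of waiting for a search engine to index the pages. The Python sketch below is an added example, not code from ISC or from the original article; the table names, column names and sample rows are constructed for illustration.

```python
import html
import re

# Domain named in the article; everything else here is an assumption of this example.
INJECTED_DOMAIN = "lilupophilupop.com"

# A <script> tag whose src points at the domain (or a subdomain of it), with any
# quoting style, http/https or protocol-relative URL, and any letter case.
SCRIPT_SRC = re.compile(
    r"<script\b[^>]*\bsrc\s*=\s*[\"']?\s*(?:https?:)?//(?:[\w-]+\.)*"
    + re.escape(INJECTED_DOMAIN) + r"\b",
    re.IGNORECASE,
)

def is_infected(value):
    """True if a stored text value carries the injected script tag."""
    if not isinstance(value, str):
        return False
    # Content may be stored entity-encoded (&lt;script ...), so decode first.
    return bool(SCRIPT_SRC.search(html.unescape(value)))

def find_infected(rows_by_table):
    """Return (table, row id, column) for every infected text field."""
    hits = []
    for table, rows in rows_by_table.items():
        for row in rows:
            for column, value in row.items():
                if is_infected(value):
                    hits.append((table, row.get("id"), column))
    return hits

# Constructed sample export: hypothetical tables, columns and rows.
SAMPLE = {
    "products": [
        {"id": 1, "title": "Blue widget", "body": "<p>In stock</p>"},
        {"id": 2, "title": 'Red widget"><script src="http://lilupophilupop.com/"></script>',
         "body": "ok"},
    ],
    "news": [
        {"id": 7, "headline": "Launch",
         "text": "&lt;SCRIPT SRC='http://lilupophilupop.com/'&gt;&lt;/SCRIPT&gt;"},
        {"id": 8, "headline": "Article about lilupophilupop.com", "text": "plain mention"},
    ],
}

if __name__ == "__main__":
    for table, row_id, column in find_infected(SAMPLE):
        print(f"infected: {table} id={row_id} column={column}")
```

A plain-text mention of the domain (row 8) is not flagged; only a script tag that loads from it is, which keeps write-ups about the attack from showing up as infections.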