Sponsored by..

Thursday 26 June 2008

Asprox: list of domains and mitigation steps

The folks over at Bloombit Software have a useful article called ASCII Encoded/Binary String Automated SQL Injection Attack which explains some of the technical details behind these attacks and also has another list of domains serving up malware which is useful to keep an eye on.

2 comments:

DomDom said...

Thanks for the article from Michael Zino.
Our web site was infected twice during the last 21 weeks.
I have implemented the code described by Michael Zino on our web site and adapted it a little and it works very well.
I can see attacks in the log but no more infection.

Dim query
query = Request.ServerVariables("QUERY_STRING")
If InStr(UCase(query),"EXEC(") > 0 OR InStr(UCase(query),"EXEC (") OR Len(query) > 500 Then
response.redirect("http://www.google.com")
End if
query = Request.form
If InStr(UCase(query),"EXEC(") > 0 OR InStr(UCase(query),"EXEC (") OR InStr(UCase(query),"EXEC%28") OR Len(query) > 500 Then
response.redirect("http://www.google.com")
End If

Unknown said...

Conrad,

Very informative series a post! If you are interested, I have an analysis of the javascript scripts that are injected:
part I [cs.ucsb.edu] and
part II [cs.ucsb.edu].