Thursday 12 June 2008

bigadnet.com - latest SQL injection domain

bigadnet.com is a continuation of the latest wave of SQL injection attacks. Many sites infected with "older" attacks have been "upgraded" to bigadnet.net. The inserted code to look for is www.bigadnet.com/b.js, which then forwards to bigadnet.com/cgi-bin/index.cgi?ad. This in turn seems to be able to deliver a variety of malware.

bigadnet.com is running on a fast flux botnet, so it's highly distributed and resilient but not very reliable at actually delivering a payload.
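As an added example (not code from the original post), here is one way to check page or database content for the inserted b.js reference by parsing script tags and matching the host, so that lookalike domains and plain-text mentions are not flagged. It assumes the injection appears as a `<script>` tag whose src points at the domain; the sample rows and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BAD_DOMAIN = "bigadnet.com"  # indicator named in the post
# Constructed sample rows (id, column text) standing in for site content.
SAMPLE_ROWS = [
    (1, 'Widget<script src=http://www.bigadnet.com/b.js></script>'),
    (2, '<p>News</p><SCRIPT SRC="//bigadnet.com/b.js"></SCRIPT>'),
    (3, '<script src="/js/site.js"></script> see notbigadnet.com'),
    (4, '<script src="http://notbigadnet.com/b.js"></script>'),
]


def is_bad_host(host):
    """True for the domain itself or any subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN)


class ScriptSrcFinder(HTMLParser):
    """Collects the src of every <script> tag, quoted or unquoted."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.sources += [v.strip() for k, v in attrs if k == "src" and v]


def find_injected_scripts(html):
    """Return script URLs in `html` whose host is the malicious domain."""
    finder = ScriptSrcFinder()
    finder.feed(html)
    finder.close()
    hits = []
    for src in finder.sources:
        # A scheme-less "www.bigadnet.com/b.js" needs "//" to parse as a host.
        url = src if "//" in src else "//" + src
        if is_bad_host(urlsplit(url).hostname):
            hits.append(src)
    return hits


def scan_rows(rows):
    """Map row id -> offending script URLs, for rows that contain any."""
    found = ((row_id, find_injected_scripts(text)) for row_id, text in rows)
    return {row_id: hits for row_id, hits in found if hits}
```

Calling `scan_rows` on exported column values or saved page source returns only the rows that load a script from the domain or one of its subdomains.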

3 comments:

  1. So how do you protect against this? My SQL server is not accessible via the web so how are they hitting it?

  2. Hey Joe,

    Did you get a solution to this?

  3. Do you know of any cure to infected sites?
