Sponsored by..

Thursday, 12 June 2008

bigadnet.com - lastest SQL injection domain

A continuation of the latest wave of SQL Injection attacks is bigadnet.com - many sites infected with "older" attacks have been "upgraded" to bigadnet.net. The inserted code to look for is www.bigadnet.com/b.js which then forwards to bigadnet.com/cgi-bin/index.cgi?ad - this in turn seems to be able to deliver a variety of malware.

bigadnet.com is running on a fast flux botnet, so it's highly distributed and resilient but not very reliable at actually delivering a payload.

3 comments:

Unknown said...

SO how do you protect against this? My SQL server is not accesible via the web so how are they hitting it?

Rachit Agarwal said...

Hey Joe,

Did you get a solution to this?

Unknown said...

Do you know of any cure to infected sites?