skdjui.com : a New domain for the Nikjju SQL Injection attack

I have been tracking the Nikjju SQL injection attack, an ongoing mass SQL injection attack. Today I found another malicious domain that has been used in this attack. The domain 'skdjui.com' was registered only yesterday (May 8, 2012).

There is nothing surprising about the registrant details: the domain has the same registrant details and was registered with the same mail ID, 'jamesnorthone[at]hotmailbox.com'.

Exploiting vulnerabilities in websites to inject malicious scripts is nothing new. Last year hackers injected a malicious iframe into a lot of sites; researchers dubbed that attack 'Lizamoon'.

The list of malicious domains:
  1. Nikjju.com
  2. hgbyju.com
  3. hnjhkm.com
  4. njukol.com
  5. Uhjiku.com
  6. Uhijku.com
  7. skdjui.com
As I said before, all the domains are hosted at 31.210.100.242 and have the same registrant details. All the domains use the same file, 'r.php', for the injection.


The Uhjiku domain was created on May 5 and skdjui on May 8; the hackers took only 3 days to create another domain.

If you visit one of the compromised sites, it will redirect you to a malware-distributing domain.
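
A defender's check for the indicators above, as an added example that is not part of the original post: it scans stored page content for `<script>` or `<iframe>` tags whose `src` points at one of the listed domains and notes whether the file is `r.php`. The sample content and the tag forms in it are constructed assumptions; the post does not show the injected markup.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains listed in the post, lowercased for comparison.
CAMPAIGN_DOMAINS = {"nikjju.com", "hgbyju.com", "hnjhkm.com", "njukol.com",
                    "uhjiku.com", "uhijku.com", "skdjui.com"}
CAMPAIGN_FILE = "r.php"  # file name the post says every domain serves

# Constructed sample of stored page content; the tag forms are assumptions.
SAMPLE = """<p>Item 1</p><script src=http://skdjui.com/r.php></script>
<script src="/js/app.js"></script>
<script src="HTTP://Uhjiku.com/R.PHP?x=1"></script>
<script src="https://notskdjui.com/r.php"></script>
<iframe src="//www.nikjju.com/landing.html"></iframe>"""


class SrcCollector(HTMLParser):
    """Collect the src attribute of every <script> and <iframe> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            self.sources += [(tag, v.strip()) for k, v in attrs if k == "src" and v]


def find_campaign_references(html_text):
    """Return (tag, src, reason) for each src that points at a listed domain."""
    collector = SrcCollector()
    collector.feed(html_text)
    collector.close()
    findings = []
    for tag, src in collector.sources:
        # Prefix "//" so a scheme-less "host/path" still parses as a host.
        parsed = urlparse(src if "//" in src else "//" + src)
        host = (parsed.hostname or "").rstrip(".")
        if not any(host == d or host.endswith("." + d) for d in CAMPAIGN_DOMAINS):
            continue  # not a listed domain (or a subdomain of one)
        is_file = parsed.path.rsplit("/", 1)[-1].lower() == CAMPAIGN_FILE
        findings.append((tag, src, "domain+r.php" if is_file else "domain only"))
    return findings


if __name__ == "__main__":
    for finding in find_campaign_references(SAMPLE):
        print(finding)
```

Matching on the parsed host rather than a substring keeps look-alike names such as the constructed `notskdjui.com` out of the results while still catching subdomains and mixed-case URLs.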