I'm continuing to see ongoing SQLi attempts using the same injection technique we saw a couple of weeks ago. As one would expect the third-party site hosting the malicious JavaScript keeps changing. Below is a list of both the source IP addresses of the attempted SQLi attack as well as the script URL they're trying to inject:
**Last Updated 24-Jun-2010 12:45 EDT**
Source IP addresses of SQLi attacks:
86.197.85.243
218.248.42.113
Malicious Script URLs:
hxxp://oem.webserviceget.ru/js.js
hxxp://org.webservicefull.ru/js.js
hxxp://kernel.webserviceget.ru/js.js
These have been reported to MalwareDomains, ISC, Sucuri and Shadowservers.
Subscribe to:
Post Comments (Atom)
1 comment:
i think this one is the culprit?
http://www.m86security.com/labs/i/Another-round-of-Asprox-SQL-injection-attacks,trace.1366~.asp
Post a Comment