Attack against IIS/ASP sites – google-stat50.info

A large number of sites have been hacked again in the last few days with a malware script pointing to google-stat50.info (and google-stats50.info) . Not only small sites, but some big ones got hit as well. It is the same SQL injection attack as used in the robint-us mass infection of a few months ago.

What do all these sites have in common? They are all hosted on IIS servers, using ASP.net and are vulnerable to SQL injection.

How many sites got infected? According to Google, at least 1,500 sites got hacked and blacklisted, but the number is a lot bigger, since not all the sites got checked by Google:

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 1577 domain(s), including asianpopcorn.com/, koreanmovie.com/, golfyou.net/.

More details about this attack in these links:

inyahoo-js
robint-us
MW:IIS:3


If your site is hacked (or contains malware), and you need help, send us an email at support@sucuri.net or visit our site: Sucuri Security. We can get your sites clean up right away.

Scan your website for free:
About David Dede

Sucuri Security bot (crazy work) - Malware research updates, sucuri news and more.