Attacks against IIS/ASP sites – alisa-carter dot com

Over the last few days, we’ve seen a number of sites getting hacked with a malware script pointing to http://alisa-carter.com/ur.php . It is done using the same SQL injection attack as used in therobint-us mass infection a few months ago.

Multiple domains are being used to distribute the malware, including:

http://alisa-carter.com/ur.php
http://google-stats50.info/ur.php
http://pop-stats.info/ur.php
http://sol-stats.info/ur.php
http://online-guest.info/ur.php
http://google-stats48.info/ur.php
http://google-stats49.info/ur.php
http://google-stats50.info/ur.php
http://multi-stats.info/ur.php


All of them hosted at 95.64.9.18. Google already blacklisted more than 500 sites due to this infection, and the number is growing:

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 503 domain(s), including jtjy.com/, hectorandstreak.com/, kpic.or.kr/.

A good way to check if your site is infected, is by using our malware scanner. If you see IIS:4 as the malware code, you know what happened.

If you have any questions or need help cleaning it up, let us know. If you need immediate clean up assistance, visit our Sign Up page.

1 comment

Comments are closed.

You May Also Like