Monday, October 31, 2011

Mass ASP.Net SQL Injection Infects Thousands Of Websites

Hackers have successfully infected about 180,000 websites based on Microsoft's ASP.NET platform with malware from jjghui.com/urchin.js through SQL injection, in an attack similar to the Lizamoon mass infection that spread terror among the masses a few months ago.

The attack, which started on the 9th of October, has been successful in affecting almost 1.5k sites, which have now been blacklisted, and about 80k+ pages in Google's index have JavaScript malware pointing to it, according to Google.




Visitors using one of six particular languages are highly vulnerable to the attack (English, German, French, Italian, Polish, and Breton), as seen from the following deobfuscated script:


This causes the browser to load an iframe from one of two remote sites: www3.strongdefenseiz.in and www2.safetosecurity.rr.nu. From there, the iframe plants malware on the visitor's PC via a number of browser drive-by exploits.

This exploit will load even if the visitor doesn't open a file or click on a link, which makes it perfect, as the "affectee" remains unaware of the attack. The attackers are, however, using exploits that have already been discovered and for which patches are available. Hence, the attack can only succeed if the visitor is using an outdated, unpatched browser without the latest version of Adobe PDF or Adobe Flash or Java.

Currently, only six out of 43 antivirus products can detect this malware. These are AntiVir, ByteHero, Fortinet, Jiangmin, McAfee and McAfee-GW-Edition.


What is interesting is that the registration information for this domain is the same as the one used on the earlier Lizamoon domains:

Technical Contact:
James Northone jamesnorthone@hotmailbox.com
+1.5168222749 fax: +1.5168222749
128 Lynn Court
Plainview NY 11803
us

jjghui.com resolves to IP 146.185.248.3 (AS3999), which is in Russia. www3.strongdefenseiz.in resolves to 75.102.21.121 (AS36352), which is in the US and hosted by HostForWeb.com. www2.safetosecurity.rr.nu resolves to IP 67.208.74.71 (AS33597), which is in the US and hosted by InfoRelayOnlineSystems.

This leads us to think that this may be the work of the infamous "Lizamoon mass infection" attackers.
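
A defender-side check for the infection described above, as an added example (not code from the original post): it parses stored or rendered HTML and flags any script or iframe tag whose src host is one of the three hosts the post names. The sample rows and their table/column labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts named in the post: the script host and the two iframe hosts.
IOC_HOSTS = ("jjghui.com", "www3.strongdefenseiz.in", "www2.safetosecurity.rr.nu")


class SrcCollector(HTMLParser):
    """Collect the src of every <script> and <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            self.refs.append((tag, src.strip()))


def is_ioc_host(url):
    """True if the URL's host is an indicator host or a subdomain of one."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    return any(host == h or host.endswith("." + h) for h in IOC_HOSTS)


def scan_fields(rows):
    """rows: iterable of (location, text). Returns [(location, tag, src)] hits."""
    hits = []
    for location, text in rows:
        parser = SrcCollector()
        parser.feed(text)
        parser.close()
        hits += [(location, tag, src) for tag, src in parser.refs if is_ioc_host(src)]
    return hits


# Constructed sample: text column values as a mass SQL injection might leave them.
# Row 3 is the legacy Google Analytics file of the same name and must not match.
SAMPLE_ROWS = [
    ("Products.Title#1", "Blue widget"),
    ("Products.Title#2", "Red widget</title><script src=http://jjghui.com/urchin.js></script>"),
    ("Pages.Body#7", '<script src="http://www.google-analytics.com/urchin.js"></script>'),
    ("Pages.Body#9", '<IFRAME SRC="//WWW3.strongdefenseiz.in/" width=1 height=1></iframe>'),
]

if __name__ == "__main__":
    for hit in scan_fields(SAMPLE_ROWS):
        print(hit)
```

Matching on the host rather than the file name matters here: urchin.js is also the name of a legitimate analytics script, so a file-name match alone would flag clean pages.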

1. ASP and ASP.NET websites are injected with the following script (text is here):


2. The contents of urchin.js are as seen below:



3. The above script decodes to the following:

Thursday, October 13, 2011

How to get IP address of another computer remotely

Hello friends, today I will explain how to get the IP address of any computer remotely. Using some very basic tricks we can find the IP address of any remote computer, and then you can start your further hacking into the remote system, like port scanning and finding vulnerabilities to enter the system and hack it. There are several methods to get the IP address of the victim, but I will share a few, especially the best ones, which can tell you the IP address in just a few clicks. All of them are free, and the special thing is that all are manual methods, which means you do not require any tool.


4 ways to get the IP address of the victim or another computer:
1. Using PHP notification script
2. Using blogs and websites
3. Using Read Notify service
4. Sniffing during Gmail and Yahoo chat sessions

As we are here to learn concepts, I will first explain what an IP address is and why it is important. So friends, a very basic question: what is an IP address? Why is it important for hackers and security professionals?

What is an IP address?
Basically, an IP address (Internet Protocol address) is a unique numerical value that is assigned to any computer or printer on a computer network that uses the Internet Protocol for communication. A protocol is basically a set of rules (for a network, rules for communication).
An IP address serves two basic purposes:
1. Host or network interface identification
2. Location Addressing

To explore more about IP addressing, read about it on Wikipedia.


How to Find IP address of another computer?

1. Using PHP notification Script
Using this notification script you can get the IP address in just seconds. Steps for using this PHP script:
a. Download the PHP notify script and extract the files.

b. Now you will get two files, IP.html and index.php. You need to upload these two files to any free web hosting server.
Example: I used www.my3gb.com to upload these two files. Create an account there and upload the two files as shown below.


c. Now you will need to send the link of index.php to the victim whose IP address you want to get. To get the link, click on index.php shown in the above snapshot. A new window will open; copy the link in the address bar and send it to the victim whose IP address you want.
d. Now when the victim opens the above link, nothing will open, but his IP address is written into the ip.html file. So open the ip.html file to get his IP address.
e. That's all for this method... I hope you liked it.


2. Using Blogs and Websites
This method is for those who have their own blogs or websites. Normal users can also do this, as a blog is free to make. Make a new blog and use any stats service like histats or any other stats widget. Just add a new widget, put the histats code there and save the template. Then send the link of your blog to your friend and get his IP.
That's all.


3. Using Read Notify service
This is an email-based service. Steps to use the Read Notify service:
a. First open the Read Notify website: RCPT
b. Now register on this website, and it will send you a confirmation mail. Verify your account.
c. Once your account is activated, do the following steps to use this service:

  1. Compose your email just like you usually would in your own email or web email program
  2. Type .readnotify.com on the end of your recipient's email address (don't worry, that gets removed before your recipients receive the email). Like this: shiviskingg@gmail.com.readnotify.com
  3. Send your email
Some things to remember: 
  • don't send to and from the same computer
  • if your email program 'auto-completes' email addresses from your address book, you'll need to keep typing over the top of the auto-completed one to add the .readnotify.com
  • if you are cc-ing your email to other readers, you must add tracking to all of them 


4. Sniffing Yahoo and Gmail Chat sessions
With the help of sniffers like Ethereal, Wireshark etc. we can sniff Gmail and Yahoo chat sessions while we are chatting with any of our friends and extract the IP address from there. I will explain this trick in detail in my next article, as it's a long article in itself.


5. Bonus Method for Online Gamers
We can also get the IP address from online games like Counter-Strike, Age of Empires in GameRanger etc. Many Counter-Strike servers use AMX Mod. Just view which people are connecting and what their IP address is, as plugins show the IP address of people connecting to the game server. If you have more access to the Counter-Strike server, you can use the status command in the console. Just go to the console, type "status" (without quotes) and press Enter; there you can see all the players' details, their Steam IDs and much more, depending upon the server.

Now you have the IP address, but what can you do with an IP address?