SQL injection attack has compromised nearly 200,000 ASP.Net sites

Hackers are in the midst of a massively successful SQL injection attack targeting websites built on Microsoft’s ASP.Net platform. About 180,000 pages have been affected so far, security researchers say.

Attackers have planted malicious JavaScript on ASP.Net sites that causes the browser to load an iframe with one of two remote sites: www3.strongdefenseiz.in and www2.safetosecurity.rr.nu [1]

Fortunately, the attack will only be successful if the user uses an outdated or unpatched browser without the latest version of Adobe Reader, Flash, or Java.

In the company I worked for, the system administrator only released new updates once a month. If this is also the case for many other companies, this window of time would allow for such an attack to be successful. This is always the challenge in computer security. Simply keeping up with the latest threats is a job in and of itself.

[1] http://www.infoworld.com/d/security/massive-sql-injection-attack-has-comprised-nearly-200000-aspnet-sites-176667