Last Updated: 2012-04-24 00:17:18 UTC
by Russ McRee (Version: 1)
Readers continue to write in conveying updates from sources regarding the Nikjju mass SQL injection campaign. Like the Lilupophilupop campaign from December, ASP/ASP.net sites are target and scripts inserted.
Be wary of <script src= hxxp://nikjju.com/r.php ></script> or <script src = hxxp://hgbyju.com/r.php <</script> and the resulting fake/rogue AV campaigns they subject victims to.
Infected site count estimations vary wildly but a quick search of the above strings will give you insight. Handler Mark H continues to track this one and indicates that the MO is similar to the lihupophilupop campaign but that they're trying some interesting things this round. We'll report if anything groundbreaking surfaces.
As always if you have logs to share send them our way via the contact form or any comment with any insight you want to share with readers.