<div style='background-color: none transparent;'></div>
Home » » Malware Domains Used in the SQL Injection Attacks

Malware Domains Used in the SQL Injection Attacks

Whereas the value of these malicious domains lies in the historical preservation of evidence, as long as hundreds of thousands of sites continue operating with outdated and unpatched web applications, the list is prone to grow on a daily basis, thanks to copycats and the Asprox botnet. The Shadowserver Foundation's list of malicious domains used in the SQL injection attacks :

nihaorr1.com
free.hostpinoy.info

xprmn4u.info
nmidahena.com
winzipices.cn
sb.5252.ws
aspder.com

11910.net
bbs.jueduizuan.com
bluell.cn

2117966.net
s.see9.us
xvgaoke.cn
1.hao929.cn
414151.com
cc.18dd.net

kisswow.com.cn
urkb.net
c.uc8010.com
rnmb.net
ririwow.cn
killwow1.cn
qiqigm.com
wowgm1.cn
wowyeye.cn
9i5t.cn
computershello.cn
z008.net
b15.3322.org
direct84.com
caocaowow.cn
qiuxuegm.com
firestnamestea.cn
qiqi111.cn
banner82.com s
meisp.cn

okey123.cn
b.kaobt.cn
nihao112.com
al.99.vc
aidushu.net
chliyi.com

free.edivid.info
52-o.cn
actualization.cn

d39.6600.org
h28.8800.org
ucmal.com
t.uc8010.com
dota11.cn

bc0.cn
adword71.com
killpp.cn

w11.6600.org
usuc.us
msshamof.com
newasp.com.cn

wowgm2.cn
mm.jsjwh.com.cn
17ge.cn
adword72.com
117275.cn

vb008.cn
wow112.cn
nihaoel3.com

Some new additions that I'm tracking :

a.13175.com
r.you30.cn
d39.6600.org
001yl.com
free.edivid.info
aaa.1l1l1l.Com/error/404.html
cc.buhaoyishi.com/one/hao5.htm?015
aaa.77xxmm.cn/new858.htm?075
llSging.com/ww/new05.htm?075

shIjIedIyI.net/one/hao8.htm?005

congtouzaIlaI.net/one/hao8.htm?005
aa.llsging.com/ww/new05.hTm?075

The rough number of SQL injected sites is around 1.5 million pages, in reality the number is much bigger, and there are several ongoing campaigns injecting obfuscated characters making it a bit more time consuming to track down. Who's behind these attacks? Besides the automation courtesy of botnets, the short answer is everyone with a decent SQL injector, and today's SQL injectors have a built-in reconnaissance capabilities, like this one which I assessed in a previous post.
Share this article :
 
Copyright © 2011. Dancho Danchev's Blog - Mind Streams of Information Security Knowledge . All Rights Reserved
Company Info | Contact Us | Privacy policy | Term of use | Widget | Advertise with Us | Site map
Template Modify by Creating Website. Inpire by Darkmatter Rockettheme Proudly powered by Blogger