THE NUMBER of websites infected by a new version of the Asprox malware has doubled overnight from 5,000 to 11,000, according to an insecurity firm.
Categorised as a "high severity" attack, Asprox is a JavaScript file that targets websites that use ASP (Microsoft's Active Server Pages) software.
M86 Security said that the mass infections are directly linked to the return of the Asprox Spambot, based on a new binary code. This updated version of Asprox is launching both spam and SQL injection attacks.
Asprox first caused a stir in the media in 2008, after the company Finjan sent out a press release with a tabloid-baiting headline claiming that hackers were placing Asprox on government computers.
However, media outlets failed to understand that the Asprox toolkit had actually been around for a few years and that its attacks were only then on the rise, most likely hitting government servers along the way.
In this case, the SQL injection attack queries the Microsoft SQL Server system tables sysobjects and syscolumns, attempting to enumerate the available 'user' tables and fields in the website's database.
Walking through the tables and fields, the attack appends the malicious script tag to the selected values, in effect poisoning the website's database. When a webpage uses a string from the poisoned database, the malicious script tag is injected.
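For site owners checking whether their data was poisoned this way, the sketch below is an added example and not code from the article or from M86 Security. It walks every user table and text column, flags values that end in an appended script tag, and strips the tag. An in-memory SQLite database stands in for SQL Server (an assumption), and the table names, the `bad.example` URL and all function names are constructed for illustration.

```python
import re
import sqlite3

# Matches one or more <script src=...></script> tags appended at the end of a value.
APPENDED_SCRIPT = re.compile(
    r'(?:\s*<script\b[^>]*\bsrc\s*=[^>]*>\s*</script\s*>)+\s*$', re.IGNORECASE)

def text_columns(conn):
    """Yield (table, column) for every text column in every user table."""
    tables = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")
    for (table,) in tables.fetchall():
        for _cid, col, ctype, *_ in conn.execute(f'PRAGMA table_info("{table}")'):
            if "CHAR" in ctype.upper() or "TEXT" in ctype.upper():
                yield table, col

def find_poisoned(conn):
    """Return sorted (table, column, rowid) for values ending in a script tag."""
    hits = []
    for table, col in text_columns(conn):
        rows = conn.execute(f'SELECT rowid, "{col}" FROM "{table}"').fetchall()
        hits += [(table, col, rid) for rid, val in rows
                 if isinstance(val, str) and APPENDED_SCRIPT.search(val)]
    return sorted(hits)

def clean(conn):
    """Strip the appended tags in place; return the number of values repaired."""
    hits = find_poisoned(conn)
    for table, col, rid in hits:
        (val,) = conn.execute(
            f'SELECT "{col}" FROM "{table}" WHERE rowid=?', (rid,)).fetchone()
        conn.execute(f'UPDATE "{table}" SET "{col}"=? WHERE rowid=?',
                     (APPENDED_SCRIPT.sub("", val), rid))
    return len(hits)

def demo_db():
    """Constructed sample data: two user tables, two poisoned values."""
    tag = '<script src="http://bad.example/x.js"></script>'
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name VARCHAR(50), blurb TEXT)")
    conn.execute("CREATE TABLE news (id INTEGER, title TEXT)")
    conn.execute("INSERT INTO products VALUES (1, 'Widget', 'Plain text')")
    conn.execute("INSERT INTO products VALUES (2, ?, 'How to use <script> safely')",
                 ("Gadget" + tag,))
    conn.execute("INSERT INTO news VALUES (1, ?)", ("Launch day" + tag + tag,))
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(find_poisoned(db), clean(db), find_poisoned(db))
```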
http://www.google.pl/support/forum/p/Webmasters/thread?tid=3983e5fa6c001976&hl=en&fid=3983e5fa6c00197600048a1e5ee33f4e