Jump to content


This topic is now archived and is closed to further replies.


Mass Infection Of Iis/asp Sites

Recommended Posts



Mass Infection of IIS/ASP Sites

- http://isc.sans.edu/diary.html?storyid=8935

Last Updated: 2010-06-09 19:01:51 UTC - "Sucuri.net has released a report about a large number of sites that have been hacked and contain a malware script. A quick Google today indicates that there are currently 111,000 sites still infected. It appears that this is only impacting websites hosted on Windows servers. The situation is being investigated. For those who are hosting there websites on Windows IIS/ASP you may find more information here:

- http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html

June 8, 2010 - "... sites have been hacked in the last day with a malware script pointing to

http ://ww.robint .us/u.js. Not only small sites, but some big ones got hit as well..."


- http://nsmjunkie.blogspot.com/2010/06/anatomy-of-latest-mass-iisasp-infection.html


Update: Paul at Sophos logs has released some additional information regarding this exploit and Infection. Thanks Paul.

- http://www.sophos.com/blogs/sophoslabs/?p=9941


SQL injection attacks...

- http://www.theregister.co.uk/2010/06/09/mass_webpage_attack/

9 June 2010 - "... Robint.us has been disabled, thanks to a sinkholing effort carried out by volunteer security outfit Shadowserver Foundation. The action will allow Shadowserver researchers to get a complete list of compromised sites and to gather additional information about how the attack was carried out.."


Shadowserver Sinkholing domain associated with SQLi attacks on IIS/ASP web servers

- http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100609

9 June 2010


:ph34r: :grrr: :ph34r:


Share this post

Link to post
Share on other sites

  • Create New...