Monday, January 23, 2012

Lilupophilupop Exceeds 1 million infected pages

The Internet Storm Center published a story on the recent Lilupophilupop malware infections. They had originally written about it back in November. One month later, the infections had increased:
  • UK - 56,300
  • NL - 123,000
  • DE - 49,700
  • FR - 68,100
  • DK - 31,000
  • CN - 505
  • CA - 16,600
  • COM - 30,500
  • RU - 32,000
  • JP - 23,200
  • ORG - 2,690
In order to see if your site has been affected, search for "<script src="hxxp://lilupophilupop.com/" in Google and use the site: parameter to home in on your domain. For example, in Google type site:yoursite.com "<script src=hxxp://lilupophilupop.com/ (note: we changed to hXXp so you don't actually go there).

This is a nasty SQL Injection attack, so be careful when doing your investigation.

Original story is here: http://isc.sans.edu/diary/Lilupophilupop+tops+1million+infected+pages/12304
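
As an added example (not from the original post or the ISC diary), the same check can be run locally against exported page bodies or database column values, so it does not depend on Google having indexed the page. The row ids and sample content are constructed; the hXXp form is accepted alongside a live URL.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

IOC_DOMAIN = "lilupophilupop.com"  # domain named in the post

class ScriptSrcFinder(HTMLParser):
    """Records (line, src) for each <script> tag whose src host is the IOC domain."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = (dict(attrs).get("src") or "").strip()
        # Accept the defanged hXXp form as well as a live http/https URL.
        url = "http" + src[4:] if src.lower().startswith("hxxp") else src
        try:
            host = (urlparse(url).hostname or "").rstrip(".")
        except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
            return
        # Compare the parsed host, so look-alike hosts and prose mentions do not match.
        if host == IOC_DOMAIN or host.endswith("." + IOC_DOMAIN):
            self.hits.append((self.getpos()[0], src))

def find_injected_scripts(text):
    """Return [(line_number, src), ...] for injected script tags found in text."""
    finder = ScriptSrcFinder()
    finder.feed(text)
    finder.close()
    return finder.hits

def scan(rows):
    """Map row id -> hits, keeping only rows that contain the injected tag."""
    return {rid: hits for rid, text in rows.items()
            if (hits := find_injected_scripts(text))}

# Constructed sample content standing in for page bodies or database column values.
SAMPLE_ROWS = {
    "page:1": '<p>Welcome</p>\n<script src="hxxp://lilupophilupop.com/"></script>',
    "page:2": "<h1>News</h1><SCRIPT SRC=hXXp://LILUPOPHILUPOP.com/></SCRIPT>",
    "page:3": "<p>We wrote about lilupophilupop.com last week.</p>",
    "page:4": '<script src="hxxp://lilupophilupop.com.example.org/"></script>',
    "page:5": '<script src="/js/site.js"></script>',
}

if __name__ == "__main__":
    for row_id, hits in scan(SAMPLE_ROWS).items():
        print(row_id, hits)
```

Only page:1 and page:2 are reported; the prose mention, the look-alike host and the site's own script are ignored.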