Last December we issued a security alert about an SQL injection campaign that directs visitors to "lilupophilupop.com", and in January of this year we also warned that 2M websites had been tampered with. Several months later, ISC SANS has discovered another massive wave of SQL injection attacks, as shown in the following figure.

Figure: Massive Injection Searched by Google

 

As with the previous "Lilupophilupop SQL injection" attack, this wave still targets ASP, IIS and MSSQL. We now know that many sites have been injected, whether or not the injection can lead to successful attacks.

AegisLab reminds webmasters to check their own sites, or to use Google to discover the injection. Users are advised to have antivirus software installed. MIS staff and CSOs should consider deploying a malicious URL filtering solution or product in the corporate environment.

By AegisLab