14 DAY TRIAL // The number of ASP and ASP.net sites compromised to host the script that points to the malicious nikjju.com domain has recorded a drop, but the cybercriminals aren’t giving up. Since we last reported about this mass SQL Injection attack, they have registered two new domains.
On May 3, F-Secure experts identified the njukol.com domain, registered on April 28 with the name of James Northone, from Plainview, New York, the same one used for Nikjju.com and hgbyju.com.
A simple Google search reveals that more than 21,000 addresses contain the malicious script.
E Hacking News has found a fourth domain that’s part of this campaign. Registered on May 5, uhjiku.com is hosted on the same IP address as the other ones, the owner’s details being the same.
Now, uhjiku.com shows up in more than 6,000 search results, many of the hijacked websites also containing references to the older domains.