The Weekly Geek

I'm the Geek so you don't have to be!


Mass SQL Injection leads to more Fake AV scares

May 2nd, 2011 · 3 Comments

Here we go again: the Fake AV criminals have come up with a new attack. The SonicWALL research team has received reports of a mass SQL injection infecting millions of websites. It is likely that the back-end databases of these websites were compromised, leading to this SQL injection.

Malicious script code was inserted and is being served in webpages; when triggered, it redirects to malicious links that serve FakeAV malware.

The following are some of the reported malicious URLs inserted on compromised webpages:
• alexblane(dot)com/ur.php
• alisa-carter(dot)com/ur.php
• books-loader(dot)info/ur.php
• lizamoon(dot)com/ur.php
• milapop(dot)com/ur.php
• t6ryt56(dot)info/ur.php
• tadygus(dot)com/ur.php
• Worid-of-books(dot)com/ur.php
All of these URLs resolve to a single IP: 91.213.29.182

SonicWALL Gateway AntiVirus provides protection against this threat via the following signatures:
• GAV: ScrInject.UR (Trojan)
• GAV: Suspicious#asprotect (Trojan)
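
A site owner can check their own rendered pages for the inserted script references listed above. The following is an added example, not code from the original post or from SonicWALL: the function names, the `example.org`/`example.net` hosts and the sample page are constructed for illustration, and the rule that any external script served from `/ur.php` is suspicious is an assumption generalized from the listed URLs.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts from the post's list, stored defanged exactly as published.
DEFANGED_HOSTS = [
    "alexblane(dot)com", "alisa-carter(dot)com", "books-loader(dot)info",
    "lizamoon(dot)com", "milapop(dot)com", "t6ryt56(dot)info",
    "tadygus(dot)com", "Worid-of-books(dot)com",
]
BAD_PATH = "/ur.php"  # every listed URL uses this path

def refang(host):
    """Turn 'name(dot)tld' back into a comparable lowercase hostname."""
    return host.replace("(dot)", ".").lower()

BAD_HOSTS = {refang(h) for h in DEFANGED_HOSTS}

class ScriptSrcCollector(HTMLParser):
    """Collect the src of every <script> tag, tolerating sloppy markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            self.sources.append(src.strip())

def find_injected_scripts(html):
    """Return (src, reason) pairs for script tags matching the indicators."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    hits = []
    for src in collector.sources:
        parts = urlsplit(src)  # also parses protocol-relative //host/path
        host = (parts.hostname or "").lower()
        host = host[4:] if host.startswith("www.") else host
        if host in BAD_HOSTS:
            hits.append((src, "listed host"))
        elif host and parts.path.lower() == BAD_PATH:
            hits.append((src, "external /ur.php script"))  # assumed heuristic
    return hits

# Constructed sample: one legitimate script, two injected ones.
SAMPLE_PAGE = (
    '<html><head><title>Widgets</title>'
    '<script src="https://static.example.org/js/app.js"></script></head>'
    '<body><h1>Blue widget</h1>'
    '<script src=http://' + refang("lizamoon(dot)com") + '/ur.php></script>'
    '<script src="//cdn.example.net/UR.PHP"></script></body></html>'
)
```

Feed it the HTML your own site actually serves (or text columns exported from the back-end database), since the inserted tags live in stored content rather than in the page templates.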

If you don’t have a SonicWALL with the Gateway AntiVirus (or Comprehensive Security Suite), it is just a matter of time until this pops up on your network. Be prepared or better yet, contact IFix Computers for a SonicWALL that will protect your network.

Until we meet again, have a Fake AV free week!

Tags: Malware · Security · Virus · Worms

3 responses so far ↓

  • 1 sonal // May 18, 2011 at 8:28 am

    pls send me the signature of scrinject.ur (Trojan)

  • 2 Kent // May 18, 2011 at 7:33 pm

    You need to check with your anti-virus provider.

  • 3 Kent // May 22, 2011 at 12:18 pm

    McAfee does not appear to have anything to block this. It appears they want you to have a hardware device like a SonicWall to block this.
