Here we go again, the Fake AV criminals have come up with a new attack, the SonicWALL research team has received reports of a mass SQL injection infecting millions of websites. It is likely that the back-end databases of these websites were compromised leading to this SQL injection.
Malicious script codes were inserted and being served in webpages which when triggered redirects to malicious links that serves FakeAV malware.
The following are some of the reported Malicious URLs inserted on compromised webpages:
All of these URLs resolve to single IP: 184.108.40.206
SonicWALL Gateway AntiVirus provides protection against this threat via the following signatures:
• GAV: ScrInject.UR (Trojan)
• GAV: Suspicious#asprotect (Trojan)
If you don’t have a SonicWALL with the Gateway AntiVirus (or Comprehensive Security Suite), it is just a matter of time until this pops up on your network. Be prepared or better yet, contact IFix Computers for a SonicWALL that will protect your network.
Until we meet again, have a Fake AV free week!