A couple of weeks ago we blogged about mass SQL injections. After that it went quiet but the attacks have now started again, this time pointing to several different domains.

During the last few days we've seen the same type of encoded SQL script as in the previous case being inserted into ASP/ASP.NET pages. The scripts point to the following domains:

   yl18.net
   www.bluell.cn
   www.kisswow.com.cn
   www.ririwow.cn
   winzipices.cn

All of the domains above are pointing to IP addresses in China.



Just like last time the scripts attempt to use several exploits to infect the user's computer.