Urgent Block: lilupophilupop-dot-com (SQL Injection)
December 2nd, 2011 - "(The ISC*) is reporting that there’s a SQLi campaign going on right now with the malicious domain lilupophilupop .com being injected into sites running MSSQL. We will block that domain on the next update but you shouldn’t wait…"
Last Updated: 2011-12-02 11:24:01 UTC - "... discovered yesterday about 80 sites showed in Google... and a few minutes ago 4000+. Targets include ASP sites and Coldfusion... The attack seems to work on all versions of MSSQL..."
Diagnostic page for AS:48691 (SPECIALIST)
"... The last time Google tested a site on this network was on 2011-12-10, and the last time suspicious content was found was on 2011-12-10... Over the past 90 days, we found 15 site(s) on this network, including, for example, lilupophilupop .com, sweepstakesandcontestsinfo .com, sweepstakesandcontestsnow .com... that appeared to function as intermediaries for the infection of 189 other site(s)... We found 30 site(s), including, for example, lilupophilupop .com, sweepstakesandcontestsinfo .com, sweepstakesandcontestsnow .com, that infected 1504 other site(s)..."
11 October 2010 - "...blocking 188.8.131.52 - 184.108.40.206 (220.127.116.11/22) is probably a good idea..."
inetnum: 18.104.22.168 - 22.214.171.124
descr: Specialist, Ltd.
Country: MD (Moldova)
"... malware that connects using an IP address instead of a domain name will -not- be blocked when you use just domain name lists..."
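The gap described in the last quote, shown as an added example that is not part of the quoted sources: a domain-only list misses a request made to a bare IP address, while a check that also tests the address against a blocked network catches it. The network `10.20.0.0/22`, the sample URLs and all function names are constructed placeholders, not the range or code from the sources above.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: the domain is the one named on this page; the
# network is a placeholder /22, not the range quoted above.
BLOCKED_DOMAINS = {"lilupophilupop.com"}
BLOCKED_NETWORKS = [ipaddress.ip_network("10.20.0.0/22")]


def host_of(url):
    """Return the lowercased host of a URL, without port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def as_ip(host):
    """Return an ip_address if the host is an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def domain_blocked(host):
    """True if host equals a blocked domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def verdict(url, resolved_ip=None):
    """Classify a URL as 'domain', 'network' or 'allowed'.

    resolved_ip is the address the name resolved to, when the caller knows
    it (for example from a proxy or DNS log); it is optional.
    """
    host = host_of(url)
    if as_ip(host) is None and domain_blocked(host):
        return "domain"
    ip = as_ip(host) or (ipaddress.ip_address(resolved_ip) if resolved_ip else None)
    if ip is not None and any(ip in net for net in BLOCKED_NETWORKS):
        return "network"
    return "allowed"


if __name__ == "__main__":
    # Constructed URLs for illustration only.
    for u in ("http://www.lilupophilupop.com/x", "http://10.20.1.7/x"):
        print(u, "domain-only:", domain_blocked(host_of(u)), "combined:", verdict(u))
```
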