Lately we have noticed an increase in SQL-Injection attacks on our IIS webserver. While all attacks have the common user_agent CV32ts, they seem to be coming from a very large botnet where each attack has been initiated from thousands of different IP addresses.
Searching the internet, it appears that there are 3 different variants of the same botnet each reporting a different user_agent of CZ32ts, NV32ts and TL32Sn. Here is what we know about the bots:
If this happens to you, be sure to read up on How to protect from a SQL injection in ASP.NET. and also check out the MS site for best practices for preventing SQL injection attacks.
Copyright 2017 Alter Procedure All Rights Reserved