There have been numerous reports about the IIS/ASP SQL injection compromises that redirected users to ww.robint.us. See below for reading on this incident:
However, many of these posts do not discuss what was seen in terms of impact to actual users. Zscaler has millions of users from around the globe that use our cloud service. From our pool of users, this is what we saw:
The ww.robint.us incident is considered a mass scale incident given that several thousand websites were impacted and used to redirect users to the malicious JavaScript. However, our data shows that a very small pool of our users (less than 1% of 1%) actually had attempted transactions to ww.robint.us, meaning that generally speaking the infected websites were fairly unpopular among our enterprise user base.
The below graph charts the transactions, source IPs and users impacted over time. Close to 50% (48.7%) of the transactions and 25% of the users that we saw were in the first 3 hours of the incident.
By submitting the form, you are agreeing to our privacy policy.