Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Robint.us – Case Study In Mass Website Infection

June 10, 2010 - 2 min read

There have been numerous reports about the IIS/ASP SQL injection compromises that redirected users to ww.robint.us. See below for reading on this incident:

However, many of these posts do not discuss what was seen in terms of impact to actual users. Zscaler has millions of users from around the globe that use our cloud service. From our pool of users, this is what we saw:


  • The first transactions that we saw to ww.robint.us were on June 7, 2010 at 03:56 PT.
  • Zscaler became aware of and placed a block on the offending domain within the first 3 hours of the incident. Zscaler's inline A/V solution had signatures to detect the payload used prior to the attack.
  • To date, we have seen 1071 transactions to ww.robint.us across 71 unique users on 64 unique source IPs. Of the source IPs, 74% were from the United States, 6.5% from India, were from 4.3% from Germany, and the remaining 15.2% were spread across 7 other countries - illustrating the indiscriminate nature of the webserver attacks.

The ww.robint.us incident is considered a mass scale incident given that several thousand websites were impacted and used to redirect users to the malicious JavaScript. However, our data shows that a very small pool of our users (less than 1% of 1%) actually had attempted transactions to ww.robint.us, meaning that generally speaking the infected websites were fairly unpopular among our enterprise user base.

The below graph charts the transactions, source IPs and users impacted over time. Close to 50% (48.7%) of the transactions and 25% of the users that we saw were in the first 3 hours of the incident.



Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.