'LizaMoon' SQL Injection Attack Sprawls Across NetBy Channel Insider Staff | Posted 2011-04-04 Email Print
A rampant SQL injection attack dubbed "Liza Moon" has infected millions of unique URLs, directing users to fake antivirus sites.A mass SQL injection attack that initially compromised 28,000 Websites has spiraled out of control. At the last count, more than a million sites have been compromised, with no end in sight.
Security firm Websense has been tracking the "LizaMoon" attack since it started March 29. The company’s malware researchers dubbed the attack LizaMoon after the first domain that victims were redirected to. At the redirected site, users saw a warning dialog that they had been infected with malware and a link to download a fake antivirus.
The users are shown a number of threats supposedly on their computer, but the fake AV, Windows Stability Center, won’t remove them until the user pays up, in a "very traditional rogue AV scam," wrote Patrik Runald, the Websense researcher who has been following the attack over the past few days.
The list of redirect URLs has ballooned in the days since, as Websense updated its list March 31 with 20 additional sites, making this one of the biggest mass-injection attacks ever.
More than 500,000 URLs have been injected with LizaMoon, according to Runald. If all the domains used in the attack are considered, eWEEK found about 2.9 million results on Google Search that have been compromised.
"Google Search results aren't always great indicators of how prevalent or widespread an attack is as it counts each unique URL, not domain or site," Runald said. It is safe to consider hundreds of thousands of domains have been hit, he said.
For more, read the eWEEK article: 'LizaMoon' Mass SQL Injection Attack Escalates Out of Control.
Given the fact that a referral lead is vetted on some level by a ch...