Feature

Video: Lizamoon SQL injection attacks step up fast to hit hundreds of thousands of websites

A mass injection attack dubbed Lizamoon is spreading rapidly and has infected up to more than 1.5 million URLs.

The attack was first announced by Websense on Tuesday, when the content-filtering firm said 28,0000 web pages had been infected.

"The Lizamoon mass injection is one of the largest mass injection campaigns we have ever seen," said Carl Leonard of Websense Security Labs.

The number of the compromised URLs is still increasing, and more domains or payload sites have started to be involved, in addition to the original lizamoon.com, he said. These include world-of-books.com, alexblane.com, and alias-carter.com.

The attack uses SQL injection techniques to insert rogue code into the databases of PHP and ASP websites.

Websense says it is not aware of a vulnerability in Microsoft SQL Server 2003 and 2005. The most likely vulnerabilities, researchers say, are in the web systems used by these sites, such as outdated CMS and blog systems.

The payload sites remain inactive at present, says Leonard, although they could be 'switched' on at any time.

"We can only speculate as to what the bad guys are waiting for," he said.

According to Websense, all the injected code does is a redirect to a rogue antivirus site, but researchers has seen the scripts change over time to redirect to several different rogue antivirus sites.

The fake sites display fake antivirus alerts to persuade people to download a rogue application called Windows Stability Center.

If downloaded, the malware displays security alerts and advises users to buy a licence to fix the problems. The aim is to steal the payment and the buyers' credit card details.

Video: LizaMoon mass injection explained


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in April 2011

 

COMMENTS powered by Disqus  //  Commenting policy