Lizamoon Strikes Millions

SQL Inject Dubbed 'Most Successful'

By Information Security Media Group, April 1, 2011.

A malicious, mass SQL injection known as Lizamoon could be affecting more than 1 million URLs, according to a blog posting by Patrik Runald, senior manager for security research at Websense, which offers Internet security products and services. Some have dubbed Lizamoon one of the cyberworld's most successful SQL attacks. The attack, which launched March 29, has hit more than 28,000 sites and is expected to grow. Websense, which named the attack, reports hackers are inserting links to their malicious website by exploiting security loopholes.

In his blog, which was posted late Thursday, Runald writes that, based on Google Search results, more than 500,000 URLs have a script link to lizamoon.com. Websense Labs identified other URLs that are injected in the exact same way, so the attack is even bigger than the security firm originally thought.

"Google Search results aren't always great indicators of how prevalent or widespread an attack is, as it counts each unique URL, not domain or site, but it does give some indication of the scope of the problem if you look at how the numbers go up or down," Runald writes.

The domain lizamoon.com was registered March 26. Users who visit the malicious site, after clicking links on legitimate but infected sites, are told their machines are infected with non-existent viruses; users are then asked to download fake anti-virus software called Windows Stability Center. "To fix them you have to pay for the full version of the application," Runald writes. "Very traditional rogue AV scam."

Early reports suggested the attackers were hitting sites using Microsoft SQL Server 2003 and 2005. Weaknesses in Web application software could be to blame.

Among the infected URLs is one for an iTunes catalogue page that displays podcast information. "The good thing is that iTunes encodes the script tags, which means that the script doesn't execute on the user's computer," Runald wrote. "So good job, Apple."
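The two defensive points in the paragraphs above, as an added Python example that is not from the article or from Websense: auditing stored text for script tags that load from hosts outside an allow-list, and HTML-encoding stored values on output, as the iTunes page is described as doing. The allow-listed hosts, the sample rows and the path on lizamoon.com are constructed placeholders.

```python
import html
import re
from urllib.parse import urlparse

# Hosts this site legitimately loads scripts from (assumed for the example).
ALLOWED_SCRIPT_HOSTS = {"www.example.org", "cdn.example.org"}

# Matches <script ... src=...> with a double-quoted, single-quoted or unquoted value.
SCRIPT_SRC = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*(?:\"([^\"]*)\"|'([^']*)'|([^\s>]+))",
    re.IGNORECASE,
)

def foreign_script_hosts(text):
    """Return hosts of script tags in text that are not on the allow-list."""
    hosts = set()
    for m in SCRIPT_SRC.finditer(text):
        src = next(g for g in m.groups() if g is not None)
        host = (urlparse(src).hostname or "").lower()  # relative src has no host
        if host and host not in ALLOWED_SCRIPT_HOSTS:
            hosts.add(host)
    return hosts

def audit_rows(rows):
    """Map row id -> sorted foreign script hosts found in any text column."""
    findings = {}
    for row_id, columns in rows.items():
        hosts = set()
        for value in columns.values():
            hosts |= foreign_script_hosts(value)
        if hosts:
            findings[row_id] = sorted(hosts)
    return findings

def render_title(value):
    """Encode stored text for HTML output so markup in it is displayed, not run."""
    return "<h2>" + html.escape(value, quote=True) + "</h2>"

# Constructed sample rows; the path on lizamoon.com is a placeholder.
SAMPLE_ROWS = {
    1: {"title": "Weekly podcast", "body": "Episode notes"},
    2: {"title": "Show 12<script src=http://lizamoon.com/PLACEHOLDER.js></script>",
        "body": "Guest interview"},
    3: {"title": "Archive",
        "body": '<script src="https://cdn.example.org/player.js"></script>'},
}

if __name__ == "__main__":
    print(audit_rows(SAMPLE_ROWS))
    print(render_title(SAMPLE_ROWS[2]["title"]))
```

Encoding on output keeps an injected tag from executing in the visitor's browser, but the row is still tampered with; the audit is what locates the records to clean up.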

Sites hosting the malicious software have since been shut down.
