Lizamoon Strikes Millions

SQL Inject Dubbed 'Most Successful'
Lizamoon Strikes Millions
A malicious, mass SQL injection known as Lizamoon could be affecting more than 1 million URLs, according to a blog posting by Patrik Runald, senior manager for security research at Websense, which offers Internet security products and services. Lizamoon has been dubbed by some as being one of the cyberworld's most successful SQL attacks. The attack, which launched March 29, has hit more than 28,000 sites and is expected to grow. Websense, which named the attack, reports hackers are inserting links to their malicious website by exploiting security loopholes.

In his blog, which posted late Thursday, Runald writes that, based on Google Search results, more than 500,000 URLs have a script link to lizamoon.com. Websense Labs identified other URLs that are injected in the exact same way, so the attack is even bigger than the security firm originally thought.

"Google Search results aren't always great indicators of how prevalent or widespread an attack is, as it counts each unique URL, not domain or site, but it does give some indication of the scope of the problem if you look at how the numbers go up or down," Runald writes.

The domain lizamoon.com was registered March 26. Users who visit the malicious site, after clicking links on legitimate but infected sites, are told their machines are infected with non-existent viruses; users are then asked to download a fake anti-virus software called Windows Stability Center. "To fix them you have to pay for the full version of the application," Runald writes. "Very traditional rogue AV scam."

Early reports suggested the attackers were hitting sites using Microsoft SQL Server 2003 and 2005. Weaknesses in Web application software could be to blame.

Among the URLs infected is the one for iTunes catalogue page displaying podcast information. "The good thing is that iTunes encodes the script tags, which means that the script doesn't execute on the user's computer," Runald wrote. "So good job, Apple."

Sites hosting the malicious software have since been shut down.


About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 28 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from the North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global Summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.