New Mass SQL Injection Attack
New mass SQL injection attack infects thousands of pages. A new mass injection attack has infected over 28,000 pages and even made its way to iTunes according to security researchers from Websense. Dubbed LizaMoon, after the domain hosting the malicious code, the attack uses SQL injection techniques to insert a rogue script element.
Users who land on one of the compromised pages get redirected through several domains and finally land on a scareware site. These sites mimic antivirus scans and tell visitors their computers are infected with malware in an attempt to convince them to download fake security programs. The programs display even more false warnings and ask users to pay for a license in order to clean their machines. In the attack, malicious code also landed on iTunes podcast pages, although in a form that is harmless. Mass injection attacks are a common malware infection vector.