1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Over 226,000 Web Sites Hit With Mass Injection Attack

Discussion in 'BlackHat Lounge' started by The Scarlet Pimp, Apr 2, 2011.

  1. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 2, 2008
    Messages:
    788
    Likes Received:
    3,129
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    check your sites, especially if you run a blog! :eek:


    Millions of Sites Hit With Mass-Injection Cyber Attack
    By Sarah Jacobsson Purewal
    April 1, 2011

    PC World - Hundreds of thousands -- and possibly millions -- of websites have been hit with a cyber-attack that some are calling "one of the biggest mass-injection attacks we've ever seen."

    The attack was discovered on March 29 by security firm WebSense, and the injected domain was called lizamoon.com -- thus, the name of the mass-injection is "LizaMoon."

    According to WebSense, LizaMoon uses SQL Injection to add malicious script to compromised sites. While the first injected domain was lizamoon.com, additional URLs have since been injected in the attack (WebSense has a full list).

    The method of using an injected script redirects users to a rogue AV site, which tries to get people to install a fake anti-virus program called Windows Stability Center.

    When WebSecurity discovered the attack on March 29, 28,000 URLs had been compromised. The number quickly grew to 226,000, including many iTunes URLs (though the malicious code is neutralized by Apple).

    "The good thing is that iTunes encodes the script tags, which means that the script doesn't execute on the user's computer," WebSense security blogger Patrik Runald wrote on Tuesday, "So good job, Apple."

    The number of infected sites now appears to be over 1.5 million (at the time of this blog post, a quick Google Search shows 1.53 million infected URLs) -- but WebSense is quick to point out that a Google Search is an inaccurate metric.

    Google search spits back unique URLs, not unique hosts. Thus, there are likely less than 1.5 million infected sites, but WebSense says it's safe to say that the number is in the hundreds of thousands.

    The attack continues to rampage across the Internet, and currently doesn't show any signs of slowing down. So don't install any web-based anti-virus software that claims your computer is full of bugs.

    http://www.computerworld.com/s/article/9215428/Millions_of_sites_hit_with_mass_injection_cyberattack
     
  2. worldismine

    worldismine Regular Member

    Joined:
    Feb 25, 2009
    Messages:
    380
    Likes Received:
    286
    Microsoft 03/05 databases are the only ones affected. -_-
     
  3. wowhaxor

    wowhaxor Executive VIP Premium Member

    Joined:
    Apr 28, 2007
    Messages:
    2,021
    Likes Received:
    3,353
    Location:
    ?¿?
    Home Page:
    Good job whoever you are.
     
  4. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 2, 2008
    Messages:
    788
    Likes Received:
    3,129
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    that's what i thot at first, too. but i'd still check out my site since these guys are gooood! :cool: