‘LizaMoon,’ a malicious code attack that has already infected more than a million websites. The world was rocked by LizaMoon–a SQL injection attack which has compromised well over one million Websites. No need to panic, though. A little information and common sense are all you need to make sure that LizaMoon is nothing more than a minor annoyance.
LizaMoon is a SQL injection attack that inserts malicious code on otherwise legitimate sites. However, don’t let the fact that it is called SQL injection cause you to jump to the conclusion that there is a flaw in Microsoft SQL Server.
As the Websense FAQ states, SQL injection is an attack that inserts malicious code into the database server by passing it through a vulnerable Web application. The Web application should have filters in place to filter and sanitize data to prevent rogue commands from passing through, but–as LizaMoon makes glaringly apparent–not all do.
The malicious code injected by LizaMoon redirects visitors from the compromised intended destination to an alternate site pushing rogue antimalware protection. You will see a pop-up warning that your PC is infected. Click OK, and the malicious code performs a fake scan of your system indicating a number of detected malware threats. If you click “Remove All” to eradicate the non-existent threats, you will instead download the real malware–the rogue AV software.
And most websites have protections in place to prevent them from getting infected in the first place. While LizaMoon has infested million of websites, security experts say it’s a run-of-the-mill threat that is mostly hitting obscure, low-traffic sites.
Websense the company that fights to stop these web attacks announced on its online blog: “Every time there’s a mass-injection like this, and there really hasn’t been anything this big before, we try to identify larger systems and sites that have been affected.”