‘LizaMoon’ Mass SQL Injection Attack Escalates

A mass SQL injection attack that initially compromised 28,000 Websites has spiraled out of control. At the last count, more than a million sites have been compromised, with no end in sight. Millions of unique URLs have been infected with a rampant SQL injection attack Websense has dubbed “LizaMoon.” The SQL injection attack redirects users to a fake AV site.

Security firm Websense has been tracking the “LizaMoon” attack since it started March 29. The company’s malware researchers dubbed the attack LizaMoon after the first domain that victims were redirected to. At the redirected site, users saw a warning dialog that they had been infected with malware and a link to download a fake antivirus.

The users are shown a number of threats supposedly on their computer, but the fake AV, Windows Stability Center, won’t remove them until the user pays up. The list of redirect URLs has ballooned in the days since, as Websense updated its list March 31 with 20 additional sites, making this one of the biggest mass-injection attacks ever.

First, the good news: Users are hit with the Windows Stability Center scam only once, so visiting the site repeatedly doesn’t repeat the attack.

The bad news: Not many antivirus programs seem to be able to detect the Windows Stability Center. As more and more antivirus programs add detection, protect yourself and your users by making sure you are up to date with your antivirus program each and every day.


About SCB Enterprises
System Solutions and Integration

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: