New Mass SQL Injection Attack

A new mass injection attack has infected over 28,000 pages and even made its way to iTunes according to security researchers from Websense.

 


Dubbed LizaMoon, after the domain hosting the malicious code, the attack uses SQL injection techniques to insert a rogue script element.

 

Users who land on one of the compromised pages get redirected through several domains and finally land on a scareware site.

 

These sites mimic antivirus scans and tell visitors their computers are infected with malware in an attempt to convince them to download fake security programs.

 

The programs display even more false warnings and ask users to pay for a license in order to clean their machines.

 

One interesting aspect of this attack is that malicious code also landed on iTunes podcast pages, although in a form that is harmless.

 

“The way iTunes works is that it downloads RSS/XML feeds from the publisher to update the podcast and list of available episodes. We believe that these RSS/XML feeds have been compromised with the injected code,” says Patrik Runald, senior manager for security research at Websense.

 

“The good thing is that iTunes encodes the script tags, which means that the script doesn’t execute on the user’s computer. So good job, Apple,” he adds.

 

Mass injection attacks are a common malware infection vector. The hackers exploit the trust users associate with the infected sites in order to push scareware or launch drive-by downloads.

 

In other circumstances, the search engine rank of compromised sites can be exploited to poison search results for popular keywords with malicious links in what is known as black hat SEO attacks.

 

Users are strongly advised to always surf with an up-to-date antivirus program capable of scanning Web traffic and to remain vigilant on all websites, regardless if they’ve used them before or not.

 

The original article may be found here

Comments are closed.