CoderZone.org
Pages: 1 « previous     next »
  Print  
Author Topic: "Lizamoon" attack hits millions of sites  (Read 4875 times) Bookmark and Share
Max
Jr. Member
*****
Posts: 75



View Profile WWW
« on: Apr 01, 2011, 03:31:30 pm »

FYI, not an April Fools joke.

PC World - Hundreds of thousands -- possibly millions -- of websites have been hit with a cyberattack that some are calling "one of the biggest mass-injection attacks we've ever seen."

The attack was discovered on March 29 by security firm WebSense, and the injected domain was called lizamoon.com -- thus, the name of the mass-injection is "LizaMoon." According to WebSense, LizaMoon uses SQL Injection to add malicious script to compromised sites. While the first injected domain was lizamoon.com, additional URLs have since been injected in the attack (WebSense has a full list here).

Visitors to various "lizamoon" addresses are greeted with bogus warnings that their computers have been compromised, according to Websense.

The exploit appears to inject code into the "title" attribute, judging by the images and code samples.
Logged
Tags:
Pages: 1
  Print  
 
Jump to: