Pages: 1 « previous     next »
Author Topic: "Lizamoon" attack hits millions of sites  (Read 5216 times) Bookmark and Share
Jr. Member
Posts: 75

View Profile WWW
« on: Apr 01, 2011, 03:31:30 pm »

FYI, not an April Fools joke.

PC World - Hundreds of thousands -- possibly millions -- of websites have been hit with a cyberattack that some are calling "one of the biggest mass-injection attacks we've ever seen."

The attack was discovered on March 29 by security firm WebSense, and the injected domain was called -- thus, the name of the mass-injection is "LizaMoon." According to WebSense, LizaMoon uses SQL Injection to add malicious script to compromised sites. While the first injected domain was, additional URLs have since been injected in the attack (WebSense has a full list here).

Visitors to various "lizamoon" addresses are greeted with bogus warnings that their computers have been compromised, according to Websense.

The exploit appears to inject code into the "title" attribute, judging by the images and code samples.
Pages: 1
Jump to: