SQL Flaw Enables Hijacking of Scores of Web Pages
Websense Security Labs has reported a massive new web attack that has redirected more than half a million web pages to rogue antivirus sites. It is the largest known attack of this type so far, and it poses a threat to users across the globe. The flaw allowed malicious code to be injected into the SQL databases that run many sites, so that pages served from those databases send the end user’s browser to a different destination. Once a user is redirected, a malicious antivirus program called Windows Stability Center is installed on the user’s computer and prompts them to enter credit card information to repair the “problems” on the PC.
The attack, now dubbed “LizaMoon,” was first detected on the domain lizamoon.com and has spread at an alarming rate in the last few days. Some pages related to Apple’s iTunes service were even infiltrated by the bug, although the threat was rendered ineffective by the coding of those particular sites. While iTunes users need not worry that using the iTunes program poses any direct threat at present, the fact that any part of a major web property such as this could be vulnerable to such an attack should give pause to anyone who actively uses the Internet.
Fake antivirus programs have been an enormous threat to users in recent years, but the scope of this attack has brought the tactic to a whole new level. Unaware users now run the risk of infection simply by visiting sites that they may have visited numerous times in the past. Due to the rapid spread of this attack, many legitimate antivirus and antimalware programs still do not detect the threat, leaving users powerless to prevent the infection. At present, VirusTotal estimates that only 13 out of 43 incidents are being detected by existing antivirus programs.
For those affected, it is vital to remember never to enter financial information into a program that you don’t recognize, no matter what warnings the software claims to give you. Make sure that any antivirus or antimalware program you are currently using is updated with the latest threat definitions and that you are conducting scans regularly.