Lizamoon: A Serious SQL Injection Attack

Image via Flickr user alancleaver_2000

According to some security experts, Lizamoon is the most successful SQL injection attack ever witnessed.  During its short lifespan it has already compromised hundreds of thousands of websites.  While reports vary on the number of infected sites, some put the number over four million.  But these sites aren’t even the real victims; they’re just pawns in a larger scareware plot to steal people’s money.

It all starts when a line of java script is surreptitiously injected into a webpage’s code. The script redirects the website’s visitors to a rogue AV site that initiates what appears to be a comprehensive anti-malware scan on the victim’s computer.  The scan finishes up rather quickly (certainly faster than any legitimate computer scan would take) and alerts victims that their computers have been infected with Trojans, worms, and other malware.

The victims are then prompted with an option to “remove” the malware by downloading a “malware-removing” executable.  At this point, those who have been duped into downloading the fraudulent software program, which is called “Windows Stability Center,” receive offers to purchase additional software that will allegedly remove the malware from their computers.

Recently, it was reported that the SQL injection redirects are ineffective because the compromised websites have been shut down.  Regardless, we should all keep an eye on Lizamoon because it has already proven itself to be a formidable threat.

As one computer security blog points out, Lizamoon is easily avoidable with a little bit of common sense.  The simple solution is to not download any unknown files.  For a bit of added security, it’s wise to become familiar with your computer’s existing antivirus software.  If you know what it’s called and what it looks like, you’ll be able to recognize a fake when it rears its ugly face.

This entry was posted in Malware Alerts and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>