Thursday, 31 March 2011 17:19

Rogue AV peddler behind LizaMoon SQL injection attack?

By Stephen Withers

A new SQL injection attack has compromised tens of thousands of URLs, according to a security vendor. The attack was initially used to push rogue AV malware.


Websense Security Labs officials say they have discovered a new SQL injection attack that has compromised more than 28,000 URLs, including some on iTunes. At the time of writing the number appeared to have increased to more than 80,000, though a (presumably small) proportion of those would be pages describing the attack itself rather than compromised pages.

The attack has been dubbed LizaMoon because it uses a script hosted at lizamoon.com, a domain recently registered with fake contact information.

Websense officials suggested the iTunes URLs were affected by attacking podcast publishers' RSS feeds, and noted that the way Apple encodes script tags prevents the scripts from running on the target computer.

In situations where it did run, the script redirected to "a well-known rogue AV site," they said.

Both the site hosting the script and the rogue AV site are now said to be unreachable.

SQL injection attacks rely on poor coding practices that allow commands to be executed by including them in strings such as search parameters. There have been suggestions that some of the affected sites were using third-party routines that were vulnerable to the attack.
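The following added example (not from the original article or from Websense) shows the coding practice described above next to its fix, together with the kind of output encoding credited with keeping the injected script tags from running on iTunes. The table, function names and sample inputs are constructed for illustration.

```python
import html
import sqlite3

def make_db():
    # Constructed sample data: a small podcast catalogue held in memory.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE episodes (title TEXT, published INTEGER)")
    db.executemany(
        "INSERT INTO episodes VALUES (?, ?)",
        [("Episode 1", 1), ("Episode 2", 1), ("Unreleased draft", 0)],
    )
    return db

def search_concat(db, term):
    # Poor practice: the search parameter is pasted into the SQL text,
    # so quote characters in it can change what the statement does.
    sql = ("SELECT title FROM episodes WHERE published = 1 "
           "AND title LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_bound(db, term):
    # Fix: the statement text is fixed and the parameter is bound as data.
    sql = "SELECT title FROM episodes WHERE published = 1 AND title LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]

def render_title(title):
    # Output encoding: markup stored in the database is displayed as text
    # instead of being interpreted by the browser.
    return "<li>" + html.escape(title) + "</li>"

# Constructed inputs for the demonstration.
CRAFTED_TERM = "x' OR published = 0 --"
STORED_MARKUP = '<script src="//example.invalid/x.js"></script>'

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", search_concat(db, CRAFTED_TERM))
    print("bound:       ", search_bound(db, CRAFTED_TERM))
    print("rendered:    ", render_title(STORED_MARKUP))
```

With the concatenated query the crafted term rewrites the WHERE clause and returns the unpublished row; the bound query treats the same term as an ordinary search string and matches nothing.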

Stephen Withers

Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.
