Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • Database
    • Networking

    LizaMoon Mass SQL Injection Attack Points to Rogue AV Site

    By
    Fahmida Y. Rashid
    -
    March 29, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Attackers have launched a large-scale SQL injection attack that has compromised several thousand legitimate Websites, including a few catalog pages from Apple’s iTunes music store.

      Websense Security Labs and the Websense Threatseeker Network discovered the mass-injection campaign that compromised over 28,000 URLs, including several iTunes URLs, according to Patrik Runald, a senior manager of security research at Websense Security Labs, who posted an alert on the Security Labs blog. The mass-injection attack has been named LizaMoon after the domain hosting the attack code.

      Unlike the recent SQL injection attack that affected MySQL.com and Sun.com, this mass injection is a SQL injection attack against a large volume of legitimate sites. The LizaMoon attack inserts a line of code referencing a PHP script that redirects users to another malware site.

      There can be many SQL injection attacks going on at any given time, but a mass injection refers to a large number of sites being affected at once from a single source.

      Websense Security Labs research shows that close to 80 percent of malicious Websites are legitimate sites that have been infected. “Sadly, these recent attacks are more examples of this ongoing wave,” Runald said in an email to eWEEK.

      In the case of iTunes, the attack focused on catalog pages displaying podcast information and the list of available episodes, which is downloaded from the publisher’s RSS/XML feeds. Websense believes the feeds have been compromised with injected code, which is why the attack code was appearing on the iTunes pages. However, because iTunes encodes the script tags, users are protected from the attack because the script can’t execute, according to Runald. “Good job, Apple,” he wrote.

      Websense recently reported malicious ads being served up by a third-party ad network on the free version of the Spotify streaming music service. Spotify removed all ads during the investigation, but turned them back on March 28.

      “What we see with the recent Spotify malicious ads and the inclusion of a few iTunes URLs in this recent malicious campaign is that the bad guys are continuing their attempts to attack where the most people are,” said Runald. Attackers know that these sites get a lot of traffic, which increases their chances of infecting somebody, he said.

      The domain hosting the attack script and the malware site it directs to are both unavailable at this time, so users are currently safe, Runald said. “That could change at any time,” as the links are already embedded on the pages and waiting for victims to come along, warned Runald. The PHP file appears to be a simple JavaScript code that redirects users to a well-known fake antivirus site.

      The LizaMoon domain was registered on March 25. A screenshot from Websense shows clearly fake information in the WHOIS details, such as having a street address of “fylyiliyl” and a phone address of “5686865868.” A second check on WHOIS at the end of the day March 29 showed updated information, with the domain being registered to an address in Plainview, N.Y., and the phone number listed as a legitimate landline.

      It isn’t clear at this time whether the updated registration information was an unsuspecting victim or the actual miscreant, although one would assume that an attacker would be a little smarter than that.

      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×