AfterDawn: Tech news

SQL injection attack hits hundreds of thousands of websites

Written by James Delahunty (Google+) @ 02 Apr 2011 2:20 User comments (7)

SQL injection attack hits hundreds of thousands of websites Hundreds of thousands of websites have been hit by a code-injection attack that targets a problem with an unknown (so far) web application.
Websense has dubbed the widespread attack as "LizaMoon" after the website its researchers were initially directed to by the malicious code. The attack seems to have largely affected small website so far, with no reports of major corporate or government websites showing signs of being compromised.

Users visiting any hacked site are redirected to a prompt showing a bogus security warning, and may end up downloading "Windows Stability Center", a scareware application that provides fake scans and results on an infected system and gives the user a chance to buy a license to remove the fake threats.

Websense was contacted by people who found the code in their Microsoft SQL databases, using SQL Server 2000, 2005 and 2008. This does not mean there is a vulnerability in Microsoft SQL Server, Websense Security Labs stressed, but instead points the finger at a web application that is still, right now, unknown.

Mass code-injection attacks are not uncommon, but researchers are already calling this the largest of its kind. It is not likely to go away quickly either, as compromised sites will have to remove the malicious code and then update the vulnerable web application, whenever there is even a fix for it.

WebSense Security Labs posted the following video, which shows what happens to a system that is used to access a hacked URL.

Previous Next  

7 user comments

12.4.2011 6:23

"Unknown" web application? Right... :-D

Come on guys, it's April 2nd now.

22.4.2011 6:37

I'm writing a paper on SQL injections and plan on including this as a case study, it's not an April fool's joke is it?


http://my.afterdawn.com/mik3h/blog_entry.cfm/1394 - Guides written by me.
http://www.adbuddies.org/ - Join us Live on IRC!

(Kudos to Ripper For The Beautiful Sig!)

32.4.2011 15:59

I dunno. April 1st was the wrong time to post this if it's real news. Seeing the antiquated (and security-hole-ridden) IE6 used in the video made me think this is not legitimate news. (At least not recent legitimate news.) Seems like some reports of it are dated March 31st though, so I'm not sure.


43.4.2011 2:54

Some simple common sense will protect you and your PC....
Only 17 of 43 AV (antivirus) engines can detect it...
+1,500,000 URLs had inserted Javascript link to lizamoon.com "Ukraine or Russia"
http://www.technewsworld.com/rsstory/72191.html?wlc=1301818476
http://www.toptechnews.com/story.xhtml?story_id=77980&full_skip=1

This message has been edited since its posting. Latest edit was made on 03 Apr 2011 @ 4:33

Live Free or Die.
The rule above all the rules is: Survive !
Capitalism: Funnel most of the $$$ to the already rich.

53.4.2011 4:30

No, this is not an April fools joke and it is still on-going.

74.4.2011 6:14

In Other News:
SQL Slammer-Worm mysterious disappearance (January 2003 to March 2011)
http://goo.gl/fb/5hgGQ


Live Free or Die.
The rule above all the rules is: Survive !
Capitalism: Funnel most of the $$$ to the already rich.

Comments have been disabled for this article.

News archive