Friday, April 1, 2011

Large number of sites hit by SQL attack (Updated)

 A large number of sites seem to have been hit by an SQL attack being called LizaMoon. LizaMoon was the original URL that the attack was detected it by WebSense security lab. It seems at the moment thousands of sites have had the script injected into their site and have became part of the infections.

 The hacked sites will load a script that try's to load a FakeAV onto your machine. For those of you that do not know what a fakeav is it is a fraud security or pc tuneup application that will lock you out of your machine and keep asking you to buy the fake product to fix errors that do not exist. According to reports the fakeav at the time was Windows Stability Center. However with the rate that FakeAV's change (Most malware has a very short lifespan) it most likely will not remain that FakeAV for long.

 While researching the domain I did a twitter search to check if the domain was being spread through social media. It seems 3 days ago a social app called TweetLister Real Estate (Which from my research seems to be a twitter tool for real estate agents) was spreading a link to the LizaMoon url. It may have been that the TweetLister site was hacked for it seemed a few different sales agents were spreading the link.


 How many sites have been hit by this?: That is currently unknown but its most likely in the thousands. When IGL gets more info we will inform y'all

 How were the sites infected?: That is currently unknown also. Common reasons for hacked sites are outdated content systems and extensions that have security vulnerability.

 How can I stay safe from this attack?: Keeping an updated AV, updating your software on your machine, and updating your OS will help keep you safe from this wave of attacks. It will not keep you 100% safe but will deeply lower your chance of infection.

 Other information:

 WebSense Article 1
 WebSense Article 2
 Sophos Article


No comments:

Post a Comment