Skip to main content

Lizamoon Attack Claims Less Victims Than Feared

Swift action by security researchers has prevented the Lizamoon mass-injection attack from infecting a large number of users, it has been revealed.

The Lizamoon attack, named after the first website which was infected by it, was first discovered by security firm Websense on March 29th. At the time of the discovery, the mass-injection attack had already affected around 29,000 websites.

As the attack spread, the total number of URLs affected reached more than 1.5 million. Visitors to the infected websites were redirected to a web page which offered a free fake scan of their computer, after which, users were notified that their systems were supposedly infected by viruses and were prompted to install a fake anti-virus program.

According to a report on BBC News, security researchers were able to shut down rogue domain names that were used to propogate the scareware.

Some of the websites that were harbouring the scareware were already being blocked by some anti-virus software, the SQL injection attack only managed to infect some users.

Graham Cluley, senior security analyst at Sophos, said in a statement, “Attacks like this one do underline the poor security that exists on many websites on the internet including sites belonging to well-known organisations and brands.”

“It shouldn't be so easy for hackers to inject their malicious codes onto legitimate websites that receive lots of traffic, and too many firms are making it too easy to pass infections on to their customers,” he said.