March 30th, 2011

Mass SQL Injection Attack Infects Over 28,000 Pages, Including iTunes Podcast

A new mass injection attack has infected over 28,000 pages and even made its way to iTunes, according to security researchers from Websense.

Dubbed LizaMoon, after the domain hosting the malicious code, the attack uses SQL injection techniques to insert a rogue script element. Users who land on one of the compromised pages get redirected through several domains and finally land on a scareware site.

These sites mimic antivirus scans and tell visitors their computers are infected with malware in an attempt to convince them to download fake security programs. The programs display even more false warnings and ask users to pay for a license in order to clean their machines.

One interesting aspect of this attack is that malicious code also landed on iTunes podcast pages, although in a form that is harmless.

“The way iTunes works is that it downloads RSS/XML feeds from the publisher to update the podcast and list of available episodes. We believe that these RSS/XML feeds have been compromised with the injected code,” says Patrik Runald, senior manager for security research at Websense.

“The good thing is that iTunes encodes the script tags, which means that the script doesn’t execute on the user’s computer. So good job, Apple,” he adds.
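The encoding behaviour described in the quote above, sketched as an added example that is not code from the article, Websense or Apple: it parses a tampered podcast feed, renders a title with and without HTML encoding, and lists the hosts that any embedded script elements load from. The feed content, the placeholder domain injected.example and all function names are constructed assumptions.

```python
import html
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: a podcast feed whose second title was tampered with in
# the publisher's database. injected.example is a placeholder domain.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example Podcast</title>
<item><title>Episode 1</title></item>
<item><title>Episode 2&lt;/title&gt;&lt;script src=http://injected.example/x.js&gt;&lt;/script&gt;</title></item>
</channel></rss>"""

SCRIPT_TAG = re.compile(r"<\s*script\b[^>]*>", re.IGNORECASE)
SRC_ATTR = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


def item_titles(feed_xml):
    """Return the decoded text of every item title in the feed."""
    # For feeds fetched from untrusted publishers, use a hardened XML parser.
    root = ET.fromstring(feed_xml)
    return [t.text or "" for t in root.iterfind("./channel/item/title")]


def script_hosts(text):
    """Hosts referenced by script elements embedded in a feed field."""
    hosts = []
    for tag in SCRIPT_TAG.findall(text):
        match = SRC_ATTR.search(tag)
        hosts.append(urlparse(match.group(1)).hostname if match else None)
    return hosts


def render(title, encode=True):
    """Build the list entry a client would display for one title."""
    # html.escape turns < and > into entities, so the markup is shown as text.
    return "<li>%s</li>" % (html.escape(title) if encode else title)


def audit(feed_xml):
    """Map each title that contains a script element to the hosts it loads."""
    return {t: script_hosts(t) for t in item_titles(feed_xml) if SCRIPT_TAG.search(t)}


if __name__ == "__main__":
    for title in item_titles(SAMPLE_FEED):
        print(render(title))
    print(audit(SAMPLE_FEED))
```

A publisher can run the same audit over its own feed output to spot tampered database fields before clients fetch them.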

Mass injection attacks are a common malware infection vector. The hackers exploit the trust users associate with the infected sites in order to push scareware or launch drive-by downloads.

In other circumstances, the search engine rank of compromised sites can be exploited to poison search results for popular keywords with malicious links, in what are known as black hat SEO attacks.

Users are strongly advised to always surf with an up-to-date antivirus program capable of scanning Web traffic and to remain vigilant on all websites, regardless of whether they have used them before.

Credit: News
