Websense: Major SQL Injection Attack Infects over 28,000 Websites

The attack, which Websense has dubbed LizaMoon, injects a single line of code into websites that sends the user to a well-known fake security software site at defender-uqko.in.

By Kara Reeder | Posted Mar 30, 2011
V3.co.uk reports that Websense has uncovered a huge SQL injection attack that has infected over 28,000 legitimate Internet sites.

Some of the code has been spotted in iTunes URLs; however, Websense believes Apple's security policies likely blocked any attack:

The way iTunes works is that it downloads RSS/XML feeds from the publisher to update the podcast and list of available episodes. We believe that these RSS/XML feeds have been compromised with the injected code. The good thing is that iTunes encodes the script tags, which means that the script doesn't execute on the user's computer.
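The encoding behaviour Websense describes can be reproduced on the consumer side of a feed. The following is an added example, not code from Websense, Apple or the original article: it scans a constructed RSS feed for item fields carrying a script tag and renders titles with HTML encoding so the tag is displayed rather than executed. The feed contents, the placeholder URL and the function names are assumptions made for illustration.

```python
import html
import re
import xml.etree.ElementTree as ET

# Constructed sample feed (not real data): the second item's title carries an
# appended script tag, as a database-backed field would after the injection.
# The script URL is a placeholder.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
<title>Example Podcast</title>
<item><title>Episode 1</title><description>Clean entry</description></item>
<item><title>Episode 2&lt;/title&gt;&lt;script src=http://injected.example/x.js&gt;&lt;/script&gt;</title>
<description>Compromised entry</description></item>
</channel></rss>"""

# Matches an opening or closing script tag, tolerating case and stray spaces.
SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)


def scan_feed(feed_xml):
    """Return (item_index, field_name, text) for each item field with a script tag."""
    findings = []
    root = ET.fromstring(feed_xml)
    for index, item in enumerate(root.iter("item")):
        for field in item:
            text = "".join(field.itertext())
            if SCRIPT_TAG.search(text):
                findings.append((index, field.tag, text))
    return findings


def render_titles(feed_xml):
    """Render item titles as HTML list entries, encoding markup characters."""
    rendered = []
    for item in ET.fromstring(feed_xml).iter("item"):
        title = item.find("title")
        text = "".join(title.itertext()) if title is not None else ""
        # html.escape turns < and > into &lt; and &gt;, so the browser shows
        # the injected tag as text instead of loading the script.
        rendered.append("<li>" + html.escape(text) + "</li>")
    return rendered


if __name__ == "__main__":
    for index, field, text in scan_feed(SAMPLE_FEED):
        print(f"item {index} field <{field}> contains a script tag: {text!r}")
    print("\n".join(render_titles(SAMPLE_FEED)))
```

Encoding on output protects the reader of the feed; the scan result is what tells the publisher that the backing database has been modified and needs cleaning.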

 
