Websense: Major SQL Injection Attack Infects over 28,000 Websites

V3.co.uk reports that Websense has uncovered a huge SQL attack that has infected over 28,000 legitimate Internet sites.

The attack, which Websense has dubbed LizaMoon, injects a single line of code into websites that sends the user to a well-known fake security software site at defender-uqko.in.

Some of the code has been spotted in iTunes URLs; however, Websense believes Apple’s security policies likely blocked any attack:

The way iTunes works is that it downloads RSS/XML feeds from the publisher to update the podcast and list of available episodes. We believe that these RSS/XML feeds have been compromised with the injected code. The good thing is that iTunes encodes the script tags, which means that the script doesn’t execute on the user’s computer.


Latest Articles

Follow Us On Social Media

Explore More