Hundreds of thousands of websites have been compromised by a huge cyber attack. The attack was based around a well known exploit on other sites to insert a link to their website. Those visiting the cyber crooks webpage were told that their machines were infected with many different viruses.
Security researchers were quick to react and they have managed to get the sites offering the dodgy software shut down. Security firm Websense has been tracking the attack since it started on 29th March. The initial count of compromised sites was 28,000 but it grew quickly to encompass hundreds of thousands.
Websense called it the ‘Lizamoon’ attack because that was the name of the first domain to which victims were redirected.
The fake software is called the Windows Stability Center and it is designed to look like an official Microsoft software package.
The redirections were carried out by an SQL injection attack. This was successful because many servers keeping websites running do not filter the text being send to them by web applications. Attackers can format the text carefully to conceal instructions in it that are then injected into the databases these servers are running. In this specific case the injection meant that a particular domain appeared as a redirection link on webpages served up.
Attackers were hitting sites using Microsoft SQL Server 2003 and 2005 and analysis shows that attackers managed to inject code to display links to 21 separate domains. The exact number of sites hit by the attack is hard to ascertain but a Google search for the attackers domains shows over 3 million weblinks.
KitGuru says: This is being classed as the most successful SQL injection attack ever seen.