A massive attack that's trying to scare computer users into visiting a bogus antivirus site has infected more than 1.5 million websites and continues to spread, according to an Internet security firm.
Several pages on Apple's iTunes store have been infected.
The so-called LizaMoon "SQL injection attack" began Tuesday and is being tracked by Websense. Such attacks redirect users by exploiting programming errors and poorly written code and scripts.
eWeek says the attack is "out of control ... with no end in sight." Nearly half the compromised sites are in the United States. Other affected countries include the United Kingdom, Kuwait, India, Australia, Turkey, Brazil, Israel, Mexico, Taiwan and Chile.
VentureBeat writes that the attack "shows that malware is a bigger menace than ever and that many web sites aren't protected."
All Things Digital explains what the hack does:
The hack seeks to trick Web users into believing that their computer has been compromised by viruses and prompts them to download fake security software that itself causes further problems. Among the sites serving up the links to the fake software sites are some belonging to Apple and used on its iTunes store, though Apple is said to have cleaned up the affected code on its site.
Websense says that so far it appears that sites using Microsoft SQL Server 2003 and 2005 are at risk, though as yet SQL Server 2008 doesn’t appear to be affected. No word yet from Microsoft about any of this, though I’ve asked them for a comment.
Microsoft did end up commenting:
Microsoft is aware of reports of an ongoing SQL injection attack. Our investigation has determined these sites were exploited using a vulnerability in certain third-party content management systems. This is not a Microsoft vulnerability.
Computer Weekly has a video explaining the LizaMoon injection.