This seems like the week for SQL Injection attacks. First, MySQL.com was attacked and passwords from the site were extracted and published on the web. Now an attack called LizaMoon is running rampant throughout the internet and, according to the alert published by security company WebSense, has impacted over 380,000 unique URLs in the past few days.
One of the high-profile sites that has been hit by the attack is Apple's iTunes, although the way the site handles the scripting tags appears to prevent the rogue code from running on a user's machine. Had the site not been properly secured, this could have been a big black stain on Apple's reputation.
Users who want to identify sites that have been impacted by the attack can use a simple Google search, replacing apple.com with the site of interest.
"src=https://lizamoon.com/ur.php" site:apple.com
The server that the script redirects users to is currently offline and does not respond to pings, but it could be restarted at any time. Before the site was shut down, the JavaScript redirected users to a fake antivirus site in an attempt to trick them into installing and running the software. The site was registered on March 25th to a James Northone, and while the domain information shown in the WebSense article is clearly falsified, a current look at the domain shows that the owner's address is in Plainview, NY. It's unclear whether this information is now accurate or whether the attacker simply made up fake information to prevent the authorities from shutting it down quickly.
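Site owners can run the same check against their own stored pages instead of Google's index. The following is an added example, not part of the original article: it separates pages where a script tag pointing at the lizamoon.com host is live markup from pages where it appears only in entity-escaped form, which is assumed here to be the kind of handling that kept the code inert on iTunes. The function names and sample pages are constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

IOC_HOST = "lizamoon.com"  # host from the search string quoted in the article

class ScriptSrcCollector(HTMLParser):
    """Record the src of every <script> element that is real markup."""
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.srcs.extend(v for k, v in attrs if k == "src" and v)

def script_sources(markup):
    parser = ScriptSrcCollector()
    parser.feed(markup)
    parser.close()
    return parser.srcs

def points_at_ioc(src):
    """Compare the parsed host, so look-alike names do not match."""
    try:
        host = urlparse(src.strip()).hostname or ""
    except ValueError:
        return False
    return host == IOC_HOST or host.endswith("." + IOC_HOST)

def classify(page):
    """'active': browser would load it; 'escaped': shown as text; else 'clean'."""
    if any(points_at_ioc(s) for s in script_sources(page)):
        return "active"
    # Tag only appears after entity-decoding, so a browser renders it as text.
    if any(points_at_ioc(s) for s in script_sources(html.unescape(page))):
        return "escaped"
    return "clean"

# Constructed sample pages (not captured from any real site).
SAMPLES = {
    "active": "<h1>Title</h1><script src=https://lizamoon.com/ur.php></script>",
    "escaped": "<h1>Title&lt;script src=https://lizamoon.com/ur.php&gt;&lt;/script&gt;</h1>",
    "clean": '<script src="/static/app.js"></script>',
    "lookalike": '<script src="https://notlizamoon.com/ur.php"></script>',
}

if __name__ == "__main__":
    for name, page in SAMPLES.items():
        print(name, "->", classify(page))
```

A page classified as "escaped" will not execute the script, but it still shows that the injected string reached the database, so the underlying SQL injection flaw needs fixing either way.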