Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Millions of sites hit with mass-injection cyberattack (LizaMoon - instructions included)
Computerworld ^ | 4/01/11 | Sarah Jacobsson Purewal

Posted on 04/02/2011 9:25:45 AM PDT by Libloather

Millions of sites hit with mass-injection cyberattack
By Sarah Jacobsson Purewal
April 1, 2011 10:37 AM ET

PC World - Hundreds of thousands -- and possibly millions -- of websites have been hit with a cyberattack that some are calling "one of the biggest mass-injection attacks we've ever seen."

The attack was discovered on March 29 by security firm WebSense, and the injected domain was called lizamoon.com -- thus, the name of the mass-injection is "LizaMoon." According to WebSense, LizaMoon uses SQL Injection to add malicious script to compromised sites. While the first injected domain was lizamoon.com, additional URLs have since been injected in the attack (WebSense has a full list here).

The method of using an injected script redirects users to a rogue AV site, which tries to get people to install a fake anti-virus program called Windows Stability Center.

When WebSecurity discovered the attack on March 29, 28,000 URLs had been compromised. The number quickly grew to 226,000, including many iTunes URLs (though the malicious code is neutralized by Apple).

**SNIP**

The number of infected sites now appears to be over 1.5 million (at the time of this blog post, a quick Google Search shows 1.53 million infected URLs) -- but WebSense is quick to point out that a Google Search is an inaccurate metric. Google search spits back unique URLs, not unique hosts. Thus, there are likely less than 1.5 million infected sites, but WebSense says it's safe to say that the number is in the hundreds of thousands.

The attack continues to rampage across the Internet, and currently doesn't show any signs of slowing down. So don't install any web-based anti-virus software that claims your computer is full of bugs.

(Excerpt) Read more at computerworld.com ...


TOPICS: Crime/Corruption; Extended News; Government; News/Current Events
KEYWORDS: antivirus; cyberattack; exploits; hackers; injection; itsecurity; lizamoon; websites
Doesn't sound like a joke.
1 posted on 04/02/2011 9:25:51 AM PDT by Libloather
[ Post Reply | Private Reply | View Replies]

To: Libloather
don't install any web-based anti-virus software that claims your computer is full of bugs.

Ya think?

2 posted on 04/02/2011 9:29:11 AM PDT by Jeff Chandler (Cry havoc and let slip the dogs of kinetic military action.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Jeff Chandler

I know a guy who not only installed the fake AV software, he even PAID FOR IT!!!! I told him to call his CC company IMMEDIATELY! lol


3 posted on 04/02/2011 9:51:27 AM PDT by KoRn (Department of Homeland Security, Certified - "Right Wing Extremist")
[ Post Reply | Private Reply | To 2 | View Replies]

To: Jeff Chandler
It presents itself as "XP Anti-Spyware" , and even has Microsoft-looking logos . It says your system is vulnerable , that your firewall is down , and other insidious messages . It intercepts efforts to investigate . It it even lists bogus viruses (virii?) that it found . It offers to clean your system and sell you protective software . Don't buy it ! The local PC shop says it's even getting by anti-virus software.
4 posted on 04/02/2011 9:58:03 AM PDT by Bluenose
[ Post Reply | Private Reply | To 2 | View Replies]

To: Libloather
I wonder when it really started. My mother called me a couple of nights after Liz Taylor died (she was searching for articles on Taylor), and said she got a pop-up saying a virus was found, and to download, etc.

I didn't recognize any of what she read off, and told her to say no, and got her to run her own collection of av stuff.

Nothing was found, BTW, and it was Windows 7 Home.

5 posted on 04/02/2011 10:01:31 AM PDT by Calvin Locke
[ Post Reply | Private Reply | To 1 | View Replies]

To: Jeff Chandler; Libloather
March 25 I clicked on a link in a reply here on FR and away I went.

I wouldn't bite on the anit-virus that popped up, but my computer is still in the shop.

I notified FR, no reply yet.

6 posted on 04/02/2011 10:04:39 AM PDT by TYVets (Pure-Gas.org ..... ethanol free gasoline by state and city)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Libloather

So how do you check your own website to make sure it’s not infected?

(I have Symantec Endpoint and it says I’m clean.)


7 posted on 04/02/2011 10:04:47 AM PDT by samtheman
[ Post Reply | Private Reply | To 1 | View Replies]

To: Calvin Locke
I wonder when it really started.
The phenomenon of fake AV software has been around a long time. This is just some new variant.
8 posted on 04/02/2011 10:06:21 AM PDT by samtheman
[ Post Reply | Private Reply | To 5 | View Replies]

To: Libloather

It has tried twice on my system.


9 posted on 04/02/2011 10:11:23 AM PDT by clamper1797 (Pray for Obama ... Psalms 109:8)
[ Post Reply | Private Reply | To 1 | View Replies]

To: clamper1797

I ran AVG and malwarebytes after the attempts .. says I’m clean


10 posted on 04/02/2011 10:13:09 AM PDT by clamper1797 (Pray for Obama ... Psalms 109:8)
[ Post Reply | Private Reply | To 9 | View Replies]

To: samtheman
I know. I was referring to this specific threat, and wondering if it was what my mother hit, given the time frame.
11 posted on 04/02/2011 10:20:59 AM PDT by Calvin Locke
[ Post Reply | Private Reply | To 8 | View Replies]

To: Libloather
So don't install any web-based anti-virus software that claims your computer is full of bugs.

Is there anyone, anywhere, with as much brains as God gave a democrat, who doesn't already know that?

12 posted on 04/02/2011 10:22:17 AM PDT by Graybeard58 (Of course Obama loves his country. The thing is, Sarah loves mine.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: samtheman

I would grep for “ur.php” from /


13 posted on 04/02/2011 10:27:07 AM PDT by proxy_user
[ Post Reply | Private Reply | To 7 | View Replies]

To: Libloather

People still fall for those fave AV sites?
Wow..


14 posted on 04/02/2011 10:30:57 AM PDT by Lancey Howard
[ Post Reply | Private Reply | To 1 | View Replies]

To: Calvin Locke

Clue: Beware of any warning message that have flashing exclamation points.


15 posted on 04/02/2011 10:31:38 AM PDT by balls (0 lies like a Muslim (Google "taqiyya"))
[ Post Reply | Private Reply | To 11 | View Replies]

To: Lancey Howard

“fave” s/b “fake”


16 posted on 04/02/2011 10:32:29 AM PDT by Lancey Howard
[ Post Reply | Private Reply | To 14 | View Replies]

To: Libloather

There are several variants of this. I see them on a daily basis. Looks like I’m gonna be even busier now.


17 posted on 04/02/2011 10:32:36 AM PDT by unixfox (Abolish Slavery, Repeal The 16th Amendment!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Jeff Chandler
don't install any web-based anti-virus software that claims your computer is full of bugs.

Ya think?


I've seen a fair number of simliar attacks - All Antivirus software - usually when I'm googling an appropriate picture to post (jpg) ...

My experience is that no matter what you click on eg "No Thanks", "X - to close" "Back (previous window)" etc. the script still pops up the "Checking system" window and listing all the horrible viruses you've got.

My advice in such situations for PC users (MACS don't get viruses ;-):


18 posted on 04/02/2011 10:42:46 AM PDT by Tunehead54 (Nothing funny here ;-)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Libloather
I got tapped with that nasty 25th or 26th of March. I had just installed the latest upgrades for Java and Firefox when a five alarm attack commenced. I use AVG pro for my anti-virus, anti-spyware, anti-rootkit, firewall, link scanner, e-mail scanner, &c, &c. I could not get the AVG anti-virus scan to work, kept getting a list of 35 or 38 worms, trojans, and other assorted nasties.

Restarted in protected mode and ran a system reset. Good news, the latest system check point was from that morning prior to installing the Java update. After restoring to that check point system came up completely normal. Spent some time doing a full system scan and all was well with XP and my hardware.

I had a similar attack back a year or two ago. It also blocked the anti-everything package from functioning and insisted that I purchased it for some small ($30 $40??) price. Used the same procedure that time as well (safe mode restart, run system restore). The only difference compared to the latest attack was it came up in the "Blue Screen of Death" and it would not let you do anything else. The latest attack left most everything accessible but kept pimping you about the firewall and anti-virus being down from pop-ups attached to the task bar.

Regards,
GtG

19 posted on 04/02/2011 11:01:40 AM PDT by Gandalf_The_Gray (I live in my own little world, I like it 'cuz they know me here.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

ping


20 posted on 04/02/2011 11:07:57 AM PDT by raybbr (People who still support Obama are either a Marxist or a moron.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Gandalf_The_Gray
PS I forgot to say I started first thing by shutting off my router. I've got a Tripp-Lite power distribution box under my monitor with switches for all the peripherals. Makes a partial shutdown of the system very quick and easy.

GtG

21 posted on 04/02/2011 11:07:58 AM PDT by Gandalf_The_Gray (I live in my own little world, I like it 'cuz they know me here.)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Bluenose
It presents itself as "XP Anti-Spyware" , and even has Microsoft-looking logos . It says your system is vulnerable , that your firewall is down , and other insidious messages .

I had it hit me once. The 'giveaway' was that it scanned my entire hard drive (supposedly) in just a few seconds. It did look remarkably 'official', but that's just part of the game.

22 posted on 04/02/2011 4:36:13 PM PDT by UCANSEE2 (Lame and ill-informed post.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Tunehead54; All

In safe mode clear your internet cache as well. The fake stuff installs and keeps running from the temporary internet cache and cookie files....if you clear it early your deeper system registry and kernels won’t get corrupted or rewritten.


23 posted on 04/02/2011 6:03:51 PM PDT by mdmathis6 (Applied Christianity;a study in spiritual fiber optics connecting God's love to man!)
[ Post Reply | Private Reply | To 18 | View Replies]

To: mdmathis6

Thanks - Good advice! ;-)


24 posted on 04/02/2011 7:11:10 PM PDT by Tunehead54 (Nothing funny here ;-)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Libloather

If you don’t run as an admin these types of virus can’t install. You should run as a user unless install or making changes.


25 posted on 04/02/2011 7:17:45 PM PDT by ThomasThomas (Amnesia Deja Vu, I think I forgot this before.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Libloather

“So don’t install any web-based anti-virus software that claims your computer is full of bugs.”

No sh*t, what gave you that idea?


26 posted on 04/02/2011 9:45:43 PM PDT by max americana ( NF)
[ Post Reply | Private Reply | To 1 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson