Saturday, October 8, 2011

Lizamoon SQL Injection Hit Contaminates One Million Plus Webpages

In a gigantic and mammoth bunch injection assault, cyber criminals have infected more than hundreds of thousands of websites with malicious code.

The assault that was originally discovered by security company Websense, has exaggerated and hit more than 1.5 million web pages. When the company got the earliest discovery of the attack, on March 29th, anywhere around 28,000 web pages were that time hit by the attack.

As per to the company, the hit, which is being called as the Lizamoon attack, is a form of SQL injection attack that is used to inject malicious code in to the database of websites based on PHP and ASP.

The hit was named after the first website to be infected by it. Users viewing or opening the infected pages are attacked by counterfeit virus warnings, declaring that the computer is infected by many malware.

The company alleged in a blog post that the Lizamoon attack made their inroads by also infecting many iTunes podcasts web pages.

“The technique iTunes works is that it downloads RSS/XML feeds from the publisher to update the podcast and list of accessible episodes. We suppose that these RSS/XML feeds have been cooperative with the injected code. The excellent fixation is that iTunes encodes the script tags, which means that the script doesn't implement on the user's computer. That is somewhat good that the damage will not occur in large scale” the company explained.



No comments:

Post a Comment