AN SQL INJECTION ATTACK campaign is spreading like wildfire, with the 28,000 URLs initially reported to contain infected code growing to around 1.5 million within about four days.
In its latest update, Websense said that 1.5 million URLs have the same structure as the original attack. Although the figures only count URLs rather than individual domains or websites, the number of websites that have been compromised is likely to be in the thousands by now.
The first domain that Websense saw infected with bad code, on 29 March, was called Lizamoon.com. From there the infected script spreads to other websites through SQL injection, a technique that exploits insecure website code to reach the site's database backend.
Trend Micro is also monitoring the mass compromise, saying that the attack hits randomly and that it has seen "compromised websites related to astronomy, clubs, hospitals, sports, funeral homes, electronics, and others."
If you are unlucky enough to click on a website that has the infected Lizamoon code, it redirects your browser to a scareware rogue AV site, where you are given a pop-up warning that your computer is at risk and is infected with lots of malware.
You are then prompted to download fake antivirus software and, later, to pay money to remove the problems that it tries to make you believe you have. µ
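For site owners checking whether their own database was hit, the following added example (not code from the article, Websense or Trend Micro) scans every text value in a SQLite database for `<script>` tags whose `src` host is the domain named above. It assumes the injected code is stored in the database as a script reference; the table, rows and `placeholder.js` path are constructed sample data.

```python
import sqlite3
from html.parser import HTMLParser
from urllib.parse import urlsplit

FLAGGED_HOSTS = {"lizamoon.com"}  # the domain named in the article

class ScriptHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []  # host of every <script src=...> seen

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src") or ""
            try:
                self.hosts.append(urlsplit(src.strip()).hostname or "")
            except ValueError:  # malformed URL in hostile data: skip it
                pass

def flagged_hosts(text):
    """Hosts of <script src> tags in text that match FLAGGED_HOSTS."""
    parser = ScriptHosts()
    parser.feed(text)
    return [h for h in parser.hosts
            if any(h == f or h.endswith("." + f) for f in FLAGGED_HOSTS)]

def scan(conn):
    """Return (table, column, rowid, host) for each flagged script reference."""
    findings = []
    tables = conn.execute("SELECT name FROM sqlite_master WHERE type='table'").fetchall()
    for (table,) in tables:
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for col in cols:
            query = f'SELECT rowid, "{col}" FROM "{table}" ORDER BY rowid'
            for rowid, value in conn.execute(query):
                if isinstance(value, str):  # only text can carry markup
                    findings += [(table, col, rowid, h) for h in flagged_hosts(value)]
    return findings

def build_sample_db():  # constructed sample data; the script path is a placeholder
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, blurb TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", [
        (1, "Telescope", "A fine refractor"),
        (2, "Star chart<script src=http://lizamoon.com/placeholder.js></script>", "Poster"),
        (3, "Mount", 'Viewer: <script src="/js/zoom.js"></script>'),
    ])
    return conn
```

Calling `scan(build_sample_db())` reports row 2 of `products.name` and ignores the site's own relative script in row 3.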
I am now trying to work on a quick-fix for infected sites. For this I need examples of infected files. Please help by uploading your infected web-sites at http lizamoon.tenea.eu
Yesterday I had a customer that got this (or similar) and it did a new thing: it made all users' files Hidden and read only. They thought they lost everything. I went to look at the customer's profile and it wasn't there but they were logged in. Did the show all Files~~~, unchecked read only on the profile and all is well. Just heads up for other Support techs....
You know, it could be a way to get the competition off the Google ranking after they are all marked as unsafe and the rest is just smoke to fool us.
There are many devious people after all, and many work for big corporations/sites.