Malware, Threat Management

Security firm tracks mass SQL injection attack

Share

At least 380,000 web pages have been infected via SQL injection to serve rogue anti-virus programs, known as scareware, security firm Websense reported Thursday. The sites were injected with code that directs victims to a website called Liza Moon, which automatically redirects users to a notorious site serving fake anti-virus. Both domains currently are down, according to Websense. This latest round appears to be targeting iTunes URLs that are used to update podcasts. This is one of the largest mass SQL injection attacks that Websense has detected since that style of attack became popular in 2008 and 2009.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.