LizaMoon SQL Injection Affected 380,000 URLs Including iTunes

After the SQL injection attacks on MySQL.com, an attack called "LizaMoon" is now running rampant throughout the internet. According to Websense, it has impacted over 380,000 unique URLs in the past few days.

One of the high-profile sites that has been hit by the attack is Apple's iTunes, although the way the site handles the scripting tags appears to prevent the rogue code from running on a user's machine. Had the site not been properly secured, this could have been a big black stain on Apple's reputation.

Users who want to identify sites that have been impacted by the attack can use a simple Google search, replacing apple.com with the site of interest.

"src=http://lizamoon.com/ur.php" site:apple.com

LizaMoon Google Search Results

The server that the script redirects users to is currently offline and does not respond to pings, but it could be restarted at any time. Before the site was shut down, the JavaScript redirected users to a fake antivirus site in an attempt to trick them into installing and running the software.

A Google search now returns over 380,000 results. Do note that this is a count of unique URLs, not infected hosts. Still, that makes this one of the bigger mass-injection attacks we have ever seen.
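
Site owners can run the same check as the Google query above directly against their own stored content or rendered pages. The following is an added example, not code from the original article or from Websense; it looks for a script tag pointing at the host from the query and separates tags that would execute from tags that are entity-encoded. The sample rows, their location names and the reading of "escaped" as the kind of tag handling described for iTunes are assumptions.

```python
import html
import re
from urllib.parse import urlparse

INDICATOR_HOST = "lizamoon.com"  # host from the search query quoted in the article

# <script ... src=URL>, with the URL double-quoted, single-quoted or unquoted
SCRIPT_SRC = re.compile(
    r"""<script\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""",
    re.IGNORECASE,
)

def has_indicator_script(markup):
    """True if markup holds a <script> tag whose src host is the indicator."""
    for match in SCRIPT_SRC.finditer(markup):
        url = next(g for g in match.groups() if g is not None)
        try:
            host = urlparse(url).hostname or ""  # relative URLs have no host
        except ValueError:                       # malformed URL, e.g. bad IPv6 literal
            continue
        if host == INDICATOR_HOST or host.endswith("." + INDICATOR_HOST):
            return True
    return False

def classify(markup):
    """'active': tag would execute; 'escaped': tag present but entity-encoded."""
    if has_indicator_script(markup):
        return "active"
    if has_indicator_script(html.unescape(markup)):
        return "escaped"
    return "clean"

def scan(rows):
    """Map each location to its verdict, leaving out clean content."""
    verdicts = {loc: classify(text) for loc, text in rows.items()}
    return {loc: v for loc, v in verdicts.items() if v != "clean"}

# Constructed sample content standing in for database fields or rendered pages.
SAMPLE_ROWS = {
    "products/17": "Blue widget<script src=http://lizamoon.com/ur.php></script>",
    "reviews/4": "Great app&lt;script src=http://lizamoon.com/ur.php&gt;&lt;/script&gt;",
    "pages/home": '<script src="/static/site.js"></script><p>Welcome</p>',
    "pages/about": "<p>We wrote about lizamoon.com last week</p>",
}

if __name__ == "__main__":
    for loc, verdict in scan(SAMPLE_ROWS).items():
        print(f"{loc}: {verdict}")
```

An "escaped" verdict on a rendered page means the browser will not run the script, but the injected string still reached the site's data, so the underlying SQL injection flaw needs fixing and the affected rows need cleaning.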

[Source]