LizaMoon Malware Attack Continues to Spread Rapidly

Monday, April 04, 2011



A website injection attack designed to trick people into installing fake Microsoft support software was discovered last week:

The so-called “mass-injection” attack, which experts say is the largest of its kind ever seen, has managed to insert malicious code into websites by gaining access to the servers running the databases behind the Internet, according to the technology security company that discovered it.

According to a Websense alert, the attacks started with the domain, which was created with false information. The attack dubbed “LizaMoon” redirects the user to a fake Microsoft “Windows Stability Center” which then claims that there are problems with your system and offers a software fix for a charge.

The Websense update on the attack states:

"The LizaMoon mass-injection campaign is still ongoing and more than 500,000 pages have a script link to according to preliminary Google Search results. We have also been able to identify several other URLs that are injected in the exact same way, so the attack is even bigger than we originally thought. All in all, a search on Google returns more than 1,500,000 results that have a link with the same URL structure as the initial attack. Google Search results aren't always great indicators of how prevalent or widespread an attack is as it counts each unique URL or page, not domain or site, but it does give some indication of the scope of the problem if you look at how the numbers go up or down over time."

Microsoft does not have a “Stability Center”, and it is not known yet if this is an identity theft ring or just a ploy to install malware on unsuspecting users machines.

Always be leery of online anti-virus messages, especially those that appear to auto-inspect your machine and tell you that viruses were detected.

Do not click any options in dialogue boxes that may appear, asking if you want to install the software. You best bet is to close the window and if it won’t allow you to do so, use task manager to close the program.

Source:  Cyber Arms

Possibly Related Articles:
Viruses & Malware
Antivirus malware Attack Headlines Alert Code Injection LizaMoon
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked