Mass ‘Scareware’ Attack Hits 1.5M Websites, Still Spreading


Print Friendly, PDF & Email

A massive attack that’s trying to scare computer users into visiting a bogus antivirus site has infected more than 1.5 million websites and continues to spread, according to an Internet security firm.

Several pages on Apple’s iTunes store have been infected.

The so-called LizaMoon “SQL injection attack” began Tuesday and is being tracked by Websense. Such attacks redirect users by exploiting programming errors and poorly written code and scripts.

eWeek says the attack is “out of control … with no end in sight.” Nearly half the compromised sites are in the United States. Other affected countries include United Kingdom, Kuwait, India, Australia, Turkey, Brazil, Israel, Mexico, Taiwan and Chile.

VentureBeat writes that the attack “shows that malware is a bigger menace than ever and that many web sites aren’t protected.”

Websense has a Q&A about the attack.

(Source: USA Today)


  1. SQL injection is a famous security issue which is easy to protect against. Not protecting yourself from it is the equivalent of not putting locks on your front door. By analogy this attack is like a burglar walking door to do and just trying the doorknob. Hopefully this teaches all programmers to take security seriously.