Viral Scareware Infects Four Million Websites

oxide7 writes "A fast-spreading SQL injection attack that illegally peddles a bogus scareware has been breaking anti-virus barriers and compromising millions of websites, besides defrauding unsuspecting victims. The news of this attack was brought out by Websense Security Labs in its blog last week. Websense said its Threatseeker Network identified a new malicious mass-injection campaign which it named LizaMoon."

Re:Stupid

[clang_jangle]

"This latest viruses attack your computer's humours, exchanging it's good aire for foul and musty spirits, thus disrupting the subtle fires necessary to process your data. Most inauspicious. That's why you need Semantec's Miracle Oil, the Ninth Wonder of the Worlde!"

Re:more information

[grcumb]

which sites are vulnerable? are there any more precise information than "outdated CMS and blog systems" ??

As others have noted, the original article is much more informative.

First, only MS SQL Server seems to be affected. This isn't because of a flaw in SQL Server, but because the injection seems only to work on a web app that's designed to run this DBMS in the back end, The article authors note that they don't know which application this is, however. This seems a little surprising, given that they should be able to spot the commonality between all the infected sites.

Second, to determine whether your server is affected, just check to see whether your site now has an URL like http://domainname/ur.php. If it does, you're infected. If you run on Linux and Apache, it looks like you're safe from this particular attack.