Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Mass SQL injection attack leads to scareware

01 Apr 2011   #1
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
Mass SQL injection attack leads to scareware

Security researchers from WebSense have detected a mass SQL injection attack (hxxp://; 58,300 affected pages), which the cybercriminals monetize through scareware, also known as fake security software. The attack has also affected several iTunes web pages.

More details:
The way iTunes works is that it downloads RSS/XML feeds from the publisher to update the podcast and list of available episodes. We believe that these RSS/XML feeds have been compromised with the injected code. The good thing is that iTunes encodes the script tags, which means that the script doesn’t execute on the user’s computer. So good job, Apple.The URL that is injected is unavailable right now, but the server is still up and running, so that could change at any time. While it was up, the script contained simple JavaScript code that redirected the user to a well-known Rogue AV site: hxxp:// That site is also unavailable right now, so we don’t have the actual binary analysis information available yet.
From the perspective of the attacker, mass SQL injection attacks are highly beneficial from a blackhat SEO (blackhat search engine optimization) perspective, as they hijack both the affected web site’s page rank, including the SEO-friendly content that comes with it. Compared to malvertising attacks, mass SQL injection attacks have declined in recent months, indicating a migration trend towards shorter, but more traffic-intensive windows of opportunities for malicious attackers to take advantage of thanks to malvertising.

Users are advised to use NoScript, as well as go through the Ultimate Guide to Scareware Protection.
Read more:

Mass SQL injection attack leads to scareware | ZDNet

My System SpecsSystem Spec

03 Apr 2011   #2
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1

Will LizaMoon Impact Me?

No. It shouldn't. The malicious code injected by LizaMoon redirects visitors from the compromised intended destination to an alternate site pushing rogue antimalware protection. You will see a pop-up warning that your PC is infected. Click OK, and the malicious code performs a fake scan of your system indicating a number of detected malware threats. If you click "Remove All" to eradicate the non-existent threats, you will instead download the real malware--the rogue AV software.

A Guy
My System SpecsSystem Spec

 Mass SQL injection attack leads to scareware

Thread Tools

Similar help and support threads
Thread Forum
Mass SQL injection attack affects over 200,000 URLs
The attack was originally detected in early December, 2011. It currently affects ASP sites and Coldfusion, as well as all versions of MSSQL. Users that are successfully redirected are exposed to either a fake Adobe Flash page requesting that they update their player, or scareware also known as...
Security News
Mass injection attack compromised 20,000+ domains, delivers fake AV
Source A Guy
Security News
Malicious Japan quake spam leads to scareware
Yeah, it didn't take long for this tactic to surface...I got a feeling we're going to be seeing a lot of this down the careful folks.... Link: Malicious Japan quake spam leads to scareware | ZDNet
Security News
Websites Hosted at Go Daddy Under Siege in Mass Injection Attacks
Websites Hosted at Go Daddy Under Siege in Mass Injection Attacks - Softpedia
System Security
New Injection Attack Hits osCommerce Sites
New Injection Attack Hits osCommerce Sites - Softpedia
Security News
Yahoo Babelfish - Possible Frame Injection Attack - Des
Yahoo Babel-fish online service for translating content to different languages. The stringent design bug leads to the possibility of conducting FRAME injection attacks in the context of yahoo domain there by resulting in third party attacks. The issues has been demonstrated in some of my recent...
Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 04:21.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App