Security firm Trend Micro says it is currently monitoring a large-scale SQL injection attack that continues to spread to more websites. Compromised sites are being injected with a malicious script designed to redirect visitors to URLs laced with malware, including fake antivirus software. Trend Micro says it can't find any common denominator as to which industries are being targeted. Infected sites run the gamut from astronomy, clubs, hospitals, sports, funeral homes, electronics, and so forth.
According to Websense , some 500,000 URLs have a script link to lizamoon.com, the first domain the firm recognized as being infected. The number of infected sites could actually be much larger.
"We have also been able to identify several other URLs that are injected in the exact same way, so the attack is even bigger than we originally thought," Websense says. "All in all, a Google Search reveals over 1.5 million URLs that have a link with the same URL structure as the initial attack. Google Search results aren't always great indicators of how prevalent or widespread an attack is as it counts each unique URL, not domain or site, but it does give some indication of the scope of the problem if you look at how the numbers go up or down."
Incidents like this serve as a reminder why it's important to roll with some sort of antivirus protection, though even then you're not entirely in the clear. The malicious file that is downloaded from visiting one of the infected sites is currently only detected by 13 out of the 43 antivirus engines on VirusTotal . That doesn't mean behavioral or heuristic scanning wouldn't detect that something is amiss, but it does show how far under the radar this particular attack is flying, despite infecting thousands of URLs.
Image Credit: hunry-hackers.com