Security firm Websense has been tracking the “LizaMoon” attack since it started March 29. The company’s malware researchers dubbed the attack LizaMoon after the first domain that victims were redirected to. At the redirected site, users saw a warning dialog that they had been infected with malware and a link to download a fake antivirus.
The users are shown a number of threats supposedly on their computer, but the fake AV, Windows Stability Center, won’t remove them until the user pays up, in a “very traditional rogue AV scam,” wrote Patrik Runald, the Websense researcher who has been following the attack over the past few days.
LizaMoon attack infects countless websites
Posted on Friday, April 01 2011 @ 21:35 CEST by Thomas De Maesschalck
eWeek reports hundreds of thousands of websites have been hit by LizaMoon, a SQL injection attack that redirects visitors to a fake antivirus website.