Lizamoon attack snubbed by web security firms

Scareware programme affected hundreds of thousands of websites, asked victims to download fake anti-virus software

Tags: Cyber crimeScarewareTrend Micro Incorporated
  • E-Mail
Lizamoon attack snubbed by web security firms The Lizamoon scareware programme has been detedted in hundreds of thousands of websites, but relatively few people have been affected due to swift action by security software companies.
By  Georgina Enzer Published  April 5, 2011

The massive Lizamoon website attack, which managed to insert the name of rogue domains into hundreds of thousands of websites, has snared relatively few victims, according to the BBC.

Despite the massive number of websites affected by the scam, web security firms reacted swiftly and managed to block a large number of potential victims from clicking on the infected link.

The link that was inserted into pages directed victims onto a page that did a fake virus scan and then offered fake security software to fix problems supposedly found on the victims' computer.

The Lizamoon attack was first discovered on 28,000 websites by internet security firm Websense on 29th March.

The company began tracking Lizamoon and discovered that the attack was more widespread than initially thought. By 3rd April, Google was reporting that over four million websites were infected with the rogue links.

Security firms have reported that affected websites ran into hundreds of thousands.

The attack got its name from the first rogue domain that was found on compromised sites, Lizamoon.com. Twenty-seven other domains were also used as re-direction points.

No-one has yet been able to estimate how many people clicked on the fake link and bought the fake security software or scareware.

Many security researchers were able to shut down domains being used to peddle the fake software soon after that were created and some of the sites being used were already known for harbouring scareware and malicious programmes.

Rik Ferguson, senior security advisor at Trend Micro told the BBC that the company had only seen a small number of victims and had blocked just over 2,000 attempts to visit the domains.

"The sites that were compromised by the SQL injection attack were comparatively low profile sites and thus the attack did not gain significant momentum," he said.

Security companies are now working on a quick fix for sites affected by the scareware so they can prevent similar attacks it eh future.

Compromised sites were mostly small to mid-tier websites, some of which included astronomy groups, hospitals, social clubs, funeral homes and sports teams.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code