Home / / Lizamoon attack snubbed by web security firms

Lizamoon attack snubbed by web security firms

Scareware programme affected hundreds of thousands of websites, asked victims to download fake anti-virus software

Lizamoon attack snubbed by web security firms
The Lizamoon scareware programme has been detedted in hundreds of thousands of websites, but relatively few people have been affected due to swift action by security software companies.

The massive Lizamoon website attack, which managed to insert the name of rogue domains into hundreds of thousands of websites, has snared relatively few victims, according to the BBC.

Despite the massive number of websites affected by the scam, web security firms reacted swiftly and managed to block a large number of potential victims from clicking on the infected link.

The link that was inserted into pages directed victims onto a page that did a fake virus scan and then offered fake security software to fix problems supposedly found on the victims' computer.

The Lizamoon attack was first discovered on 28,000 websites by internet security firm Websense on 29th March.

The company began tracking Lizamoon and discovered that the attack was more widespread than initially thought. By 3rd April, Google was reporting that over four million websites were infected with the rogue links.

Security firms have reported that affected websites ran into hundreds of thousands.

The attack got its name from the first rogue domain that was found on compromised sites, Lizamoon.com. Twenty-seven other domains were also used as re-direction points.

No-one has yet been able to estimate how many people clicked on the fake link and bought the fake security software or scareware.

Many security researchers were able to shut down domains being used to peddle the fake software soon after that were created and some of the sites being used were already known for harbouring scareware and malicious programmes.

Rik Ferguson, senior security advisor at Trend Micro told the BBC that the company had only seen a small number of victims and had blocked just over 2,000 attempts to visit the domains.

"The sites that were compromised by the SQL injection attack were comparatively low profile sites and thus the attack did not gain significant momentum," he said.

Security companies are now working on a quick fix for sites affected by the scareware so they can prevent similar attacks it eh future.

Compromised sites were mostly small to mid-tier websites, some of which included astronomy groups, hospitals, social clubs, funeral homes and sports teams.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.