H4cked Off: Just when you thought it was safe...

01 Apr 2011

I've managed not to get myself hacked for several weeks now, which is great for my personal data, but not so good for this blog.

Fortunately, however, hackers don't sleep (and if they do, it's between the finest silk sheets, bought with your money). So even if I'm temporarily safe, many others are not.

One of the largest and most visible hacking attacks out there at the moment is known as Lizamoon, named after the domain on which the malware was first spotted. This is a mass-SQL injection attack which Google Search suggests has infected around 1.5 million URLs.

An SQL injection, as if you didn't know, is a form of attack which attempts to insert malicious code into a webform. A properly designed site won't process code, however this form of attack has been around for at least six years and is still very successful today. Hang your heads in shame, web coders.

To highlight how widespread Lizamoon is, security experts WebSense Labs have shown that even iTunes has been infected, although Apple doesn't allow the code to execute.

Once users go to one of the many infected pages, they get redirected to a rogue anti-virus site, which displays some fairly convincing graphics claiming to be something called ‘Windows Stability Centre'.

Surprise surprise, Windows Stability Centre believes that your PC is seriously infected and on the brink of collapse. But fear not, all it needs is your credit card details and it will spirit your troubles away, presumably along with your remaining balance.

Lizamoon was first identified on 29th March. Three days later, and according to website ‘Virus Total', only 17 out of 43 AV solutions analysed are able to detect Lizamoon as malware. Of those packages which miss it completely are such mainstream security luminaries as McAfee and Trend. In other words, two of the big three.

Being a cheapskate, I use free tool AVG. Yes, AVG fails the test too. Maybe I spoke to soon about not being hacked. Hang on, I'm getting a popup on my screen. It says I'm infected, oh no! Oh it's okay, it says it can fix it for me. Great! Now, where's my credit card...

Stuart Sumner, senior reporter and security geek

Add your comment

All fields required. Your email address will not be displayed on the site.

By submitting a comment you agree to abide by our Terms & Conditions

Submit

Recent posts

Related Articles

Browse posts by date

Cal_navigation_previousAugust 2011Cal_navigation_next
MonTueWedThuFriSatSun
       
1234567
       
891011121314
       
151617182021
       
22232425262728
       
2930
  • Sign up for Computing email newsletters
  • Computing for mobiles
  • RSS feeds
  • Follow Computing on Twitter
  • Browse Computing videos on You Tube
  • Join Computing.co.uk on Linked In
  • Computing's free Android tablet app
  • Computing's free iPad app

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

About us:

Subscribe:

Community:

Related sites:

Jobs:

Accreditations: