Lizamoon malware attacks 1.5 million websites

Summary:A major SQL injection is infecting half a million domains worldwide, which is causing sites to redirect visitors to malware and scareware-infected domains

A massive SQL injection called Lizamoon is blazing through the internet, infecting more than half a million domains around the world to date and as many as 1.5 million URLs.

The attack initially hit around 50,000 domains when it emerged earlier this week, by using an automated JavaScript injection that targets vulnerable websites. Compromised sites then redirect visitors to malware and scareware-infected domains.

The first malware-filled domain to surface was, after which the attack was subsequently named. It was responsible for infecting thousands of victims, but is currently offline. Researchers have identified others that are being used in its place.

For more on this ZDNet UK-selected story, see Lizamoon attack soars, but Oz suffers little on ZDNet Australia.

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.

Topics: Security


Darren Pauli has been writing about technology for almost five years, he covers a gamut of news with a special focus on security, keeping readers informed about the world of cyber criminals and the safety measures needed to thwart them.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.