A massive SQL injection attack called Lizamoon is blazing through the internet, infecting more than half a million domains around the world to date and as many as 1.5 million URLs.
Australia has so far escaped much of the impact, accounting for less than 1 per cent of victims according to analysis by security firm WebSense.
The first malware-filled domain to surface was lizamoon.com, after which the attack was named. It was responsible for infecting thousands of victims, but is currently offline. Researchers have identified others that are being used in its place.
WebSense said in a blog post today that victims are being infected with malicious antivirus software called Windows Stability Center via a file that is detected by fewer than a quarter of antivirus engines.
The malicious script will only run once on a victim's system, based on IP addresses.
The attack had reached iTunes users earlier this week through RSS/XML feeds that had picked up compromised URLs and were displaying them. Apple users were safe, however, because iTunes encoded the script tags, which prevented them from running on a victim's computer.
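
The encoding behaviour described above, sketched as an added example (not code from Apple, WebSense or the original article): a feed renderer that HTML-encodes item titles so a script tag carried in a feed is displayed as inert text, plus a check that flags such items for cleanup. The feed content, the `.example` hosts and all function names are constructed for illustration.

```python
import html
import re
import xml.etree.ElementTree as ET

# Constructed sample feed. The second item's title carries a script tag that
# was written into the publisher's database and then exported into the feed.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
<title>Example podcast directory</title>
<item><title>Episode 1: Welcome</title><link>http://feeds.example/ep1</link></item>
<item><title>Episode 2&lt;/title&gt;&lt;script src=http://injected.example/x.js&gt;&lt;/script&gt;</title><link>http://feeds.example/ep2</link></item>
</channel></rss>"""

# Matches an opening or closing script tag, tolerating case and stray spaces.
SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)


def item_titles(feed_xml):
    """Return the decoded title text of every <item> in the feed."""
    # For feeds from untrusted sources, a hardened parser such as defusedxml
    # is the safer choice; the standard library parser keeps this example offline.
    root = ET.fromstring(feed_xml)
    return [item.findtext("title") or "" for item in root.iter("item")]


def flag_injected(titles):
    """Detection: titles that contain script markup and need cleaning at the source."""
    return [t for t in titles if SCRIPT_TAG.search(t)]


def render_unsafe(titles):
    """Weak form: feed text is pasted into the page as markup."""
    return "".join("<li>%s</li>" % t for t in titles)


def render_encoded(titles):
    """Corrected form: feed text is HTML-encoded, so tags show up as plain text."""
    return "".join("<li>%s</li>" % html.escape(t, quote=True) for t in titles)


if __name__ == "__main__":
    titles = item_titles(SAMPLE_FEED)
    print("flagged:", flag_injected(titles))
    print("unsafe: ", render_unsafe(titles))
    print("encoded:", render_encoded(titles))
```
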
Security researcher Dancho Danchev said in a blog post that the infected domains respond to a single IP address and were all registered through fake Gmail accounts.
The attack comes days after two hackers launched a blind SQL injection attack against Sun.com and MySQL.com and obtained usernames and emails from internal databases.