Lizamoon hits thousands of websites, but claims few victims

Links to a fake virus scan on lizamoon.com and 27 other domains, which recommended fake security software, were injected into up to 4 million web pages between March 29 and April 3.

Despite the widespread success of the SQL injection attacks, swift action by security firms has limited the number of victims, according to the BBC.

Security researchers believe only a small number of people followed the link and bought the fake software, because the domains set up for the scam were shut down quickly and the sites compromised by the attack were relatively low profile.

This is a SQL-injection attack, emphasizes Jim Walter, manager of the McAfee Threat Intelligence Service.

"Before any of us blow our IT budgets on database security goodies, we must all take the basic first steps," he says in a blog post.

Walter recommends simple and core techniques, such as constraining user input, validating user input, limiting types of input, encrypting sensitive data, and designing accounts with the principle of least privilege.

This story was first published by Computer Weekly
