Thread: Anybody else fall for this one?

Was browsing a few nights ago and was hit with a 'windows security centre' page telling me I had key stroke loggers and a few other viruses... Looked pretty genuine so I ran a scan which came up with nothing.



Anyway, twas all a hoax but experts are saying it was the most successful SQL injection attack ever seen.

Full story: BBC News - Sites hit in massive web attack

hi bloke , been a while , good to see you posting again

^Thanks... Back offshore and sane again..

Been lurking for a while but not very busy at work as can be seen from above.

The LizaMoon mass-injection campaign is still ongoing and more than 500,000 pages have a script link to lizamoon.com according to preliminary Google Search results.

Update on LizaMoon mass-injection and Q&A - Security Labs


What happens to the user?

We wrote in an earlier post that the payload site doesn't work properly, but further testing shows that it does and we created a video showing what happens if a user visits a website that contains the injected code. The video is available at the end of this post. The user only gets the malicious code once per IP address, so if you've already visited the site you won't get the code again. This is something we see often in attacks, especially in exploit kits.

The Rogue AV software that is installed is called Windows Stability Center and the file that is downloaded is currently detected by 13/43 anti-virus engines according to VirusTotal.



The software then displays a warning that there are lots of problems on your PC. To fix them you have to pay for the full version of the application. Very traditional rogue AV scam. Dancho Danchev has some more information on his blog.



Where are users coming from?

We looked at reports of traffic to lizamoon.com as indicated by data collected by the Websense Threatseeker Network and here's a graph of where those users are located.


community.websense.com

Originally Posted by rawlins

^Thanks... Back offshore and sane again

Good on ya mate.................I'm looking forward to that beer.

^ Me too... Back in about a week - will give you a shout. Few new bars popped up on the darkside that I haven't checked out yet...

I'll be back in Thailand (arriving today) for about 2 weeks so timing is everything.

Bloody Hell I,m Back In 16 Days...does That Mean I Miss Out????

Well, guys, if this is another TD April Fools joke you got me. Very real looking. The one about TD and TV merging had me hook line and sinker until I continued to read posts until the joke was outed. I truly enjoy TD even with some of the more crass members continuely being seemingly ass-holes.

Shiloh Jim

They need to hang the bastards who are doing this stuff!!!

I've never seen this. Mind you I apply all updates, use a firewall, AV and a few other tools as well.

Oh, and a popup blocker doesn't hurt.

Having said that, two points in the article are worth a mention:

(1) It's a flaw in badly written web applications, not SQL or Windows.
(2) Don't click on shit if you don't know what it is.