Lizamoon is the name of an Internet-based scareware attack which plays on fears of computer viruses and trust in web security software. Its ultimate aim is to get a user provide credit card information.
The attack got its name from web security firm Websense, which has been tracking it since Tuesday. Lizamoon.com was among the first websites to redirect users to a page with fake web security software.
For average users, being unaware of what anti-virus or security software is on your computer may make you vulnerable to the attack. (For a Visual Description, See Video Below)
How to avoid it?
The way to avoid becoming a victim is in general advice given for many types of web attacks. Don't download unknown files. Be skeptical if you see unknown software or screens on your computer.
How are web users affected?
The Lizamoon attack works involves a user being redirected to a site that appears to be a real web security program which performs a fake scan, prompting users to download software, install it and run another fake scan. It ultimately asks users to pay for more web protection software.
Other web attacks using this security disguise have taken place in recent years, although the specific way Lizamoon attacks computers is by something web server specialists are more trained to distinguish.
How many websites are affected?
Most of the website links Websense listed as being as being infected appear to be from obscure low traffic websites. Nevertheless a search on Google for a specific part of the malicious code shows that 4 million websites have it. However this may or may not mean the websites are actively executing the attack.
What is the iTunes connection?
Websense initially noted that iTunes had some of the bad script on its feeds but also noted that no redirection was taking place and the script does not execute on the user's computer.
So good job, Apple, Websense said.
How are websites compromised?
For web server specialists, Lizamoon is distinguished by being an SQL injection attack, where a vulnerability in a Web application is used to inject bad code into an affected website.
Websense says it does not know how the bad script is added to the compromised web sites.
We're still looking into that, the security firm says. Everything points to that this is a vulnerability in a web application.