LizaMoon is a piece of malware that infected thousands of websites beginning in September 2010. It is an SQL injection attack that spreads scareware encouraging users to install needless and rogue "anti-virus software". Although it does not use new infection techniques, it was initially thought to be notable based on the scale and speed at which it spread, and because it affected some of Apple's iTunes service. LizaMoon was initially reported to the general public by Websense Security Lab.


Overview

Initial press statements reported that hundreds of thousands or millions of sites were infected. McAfee estimated approximately 1.5 million hosts affected between March and April 2011. However, subsequent research has shown a much lower infection rate. Although initial estimates for the infection based on Google search data were thought to show hundreds of thousands of infected sites, the true number appears to be only in the thousands: according to Niels Provos, a security researcher at Google, Google's safe browsing database indicates the LizaMoon attacks began around September 2010 and peaked in October 2010, with approximately 5600 infected sites. Cisco researcher Mary Landesman has confirmed that the infection rate appears quite low.

How the web sites spreading the infection were attacked remains a mystery. However, hackers may inject vulnerable and popular websites with malicious code in order to spread the infection once users visit these sites. Users should never permit installs of software of unknown provenance from the Internet under any circumstances; those who follow this policy cannot be infected by LizaMoon. These types of malware, known as rogue antivirus software, come under different names and logos such as "XP Security 2011", "Malware Scanner" or similar. After the initial installation, the software runs a fake scan showing non-existent malware on the system and in many cases requires the user to pay in order to remove the alleged malware.


Effects

As with all malware, LizaMoon is easier for a user to deal with by avoiding it rather than by attempting to repair the damage it causes after the fact. Fortunately, LizaMoon is easy for most users to avoid. The software requires the user to actively participate in downloading and installing itself. Indeed, to become infected, a user must give permission to the software four times. LizaMoon asks the user to install a piece of rogue antivirus software to remove various non-existent "viruses" from the PC. The rogue AV software that is installed is called Windows Stability Center. As of April 1, the file that is downloaded is currently detected by only 13 of 43 anti-virus engines according to VirusTotal.

