Hundreds of thousands of websites appear to have been compromised by a massive cyber attack. The hi-tech criminals used a well-known attack vector that exploits security loopholes on other sites to insert a link to their website.
Those visiting the criminals' webpage were told that their machines were infected with many different viruses. Swift action by security researchers has managed to get the sites offering the sham software shut down.
Security firm Websense has been tracking the attack since it started on 29 March. The initial count of compromised sites was 28,000 sites but this has grown to encompass many times this number as the attack has rolled on.
Websense dubbed it the Lizamoon attack because that was the name of the first domain to which victims were re-directed. The fake software is called the Windows Stability Center.
The re-directions were carried out by what is known as an SQL injection attack. This succeeded because many servers keeping websites running do not filter the text being sent to them by web applications.