LizaMoon attack infects millions of websites

By Stacy Cowley, tech editor


NEW YORK (CNNMoney) -- Have you heard the scary news about 'LizaMoon,' a malicious code attack that has already infected more than a million websites?

Don't panic. This particular bit of hacker mischief is setting off alarms among online security watchdogs for its speed and scope, but built-in software safeguards mean few actual users will end up suffering.

The exploit drew headlines because it's affecting a surprisingly large number of websites -- nearly 4 million so far -- and because some of those sites feed into Apple's iTunes platform. Websense, the security software vendor that first broke the news about LizaMoon in its blog, played up the iTunes connection in its first warning about the attack.

But Apple (AAPL, Fortune 500) has iTunes designed to automatically neutralize this kind of threat. That means there's zero risk of an iTunes user's computer actually getting infected by this bit of malware. Websense acknowledged that in its latest LizaMoon update.

"Every time there's a mass-injection like this, and there really hasn't been anything this big before, we try to identify larger systems and sites that have been affected," the company wrote in its blog. "There are few systems out there bigger than iTunes, so when we saw that content on itunes.apple.com contained the injected link we wanted to make people aware of that, even if the script didn't work."

LizaMoon is what's called a SQL code injection attack, where a Web application vulnerability is exploited to inject malicious code into affected websites. If a Web surfer visits an affected site, they'll be redirected to a rogue website that tries to install a "scareware" file. The file generates messages warning the user that their computer is infected with viruses, and offers to sell them antivirus software in defense. Most actual, legitimate antivirus programs will detect and eliminate the malicious file.

And most websites have protections in place to prevent them from getting infected in the first place. While LizaMoon has infested million of websites, security experts say it's a run-of-the-mill threat that is mostly hitting obscure, low-traffic sites.

"Defense against your sites getting infected is the standard things we ought to be doing anyway," the SANS Internet Storm Center, a security monitoring site, wrote in its LizaMoon analysisTo top of page

Frontline troops push for solar energy
The U.S. Marines are testing renewable energy technologies like solar to reduce costs and casualties associated with fossil fuels. Play
25 Best Places to find rich singles
Looking for Mr. or Ms. Moneybags? Hunt down the perfect mate in these wealthy cities, which are brimming with unattached professionals. More
Fun festivals: Twins to mustard to pirates!
You'll see double in Twinsburg, Ohio, and Ketchup lovers should beware in Middleton, WI. Here's some of the best and strangest town festivals. Play
Index Last Change % Change
Dow 17,810.06 91.06 0.51%
Nasdaq 4,712.97 11.10 0.24%
S&P 500 2,063.50 10.75 0.52%
Treasuries 2.32 -0.02 -0.86%
Data as of 1:50pm ET
Company Price Change % Change
Bank of America Corp... 17.12 0.12 0.71%
Kinder Morgan Inc 39.75 -0.17 -0.43%
Apple Inc 116.47 0.16 0.14%
Intel Corp 35.59 -0.36 -1.00%
Microsoft Corp 47.98 -0.72 -1.48%
Data as of Nov 21

Sections

This arrangement, announced Friday, illustrates how the lines have blurred between traditional TV networks and newfangled options like Netflix. More

The Obama administration is touting that its immigration action will boost wages. But the hike amounts to only $170 a year by 2024. More

Obama doesn't have the authority to create a startup visa, but part of his reform announcement could include a workaround for entrepreneurs: 'parole status.' More

Nearly half of all Americans say there's a chance they'll have to work during a holiday between Thanksgiving and New Year's, according to a new poll. And one in four say they'll have to work whether they want to or not. More

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer.

Morningstar: © 2014 Morningstar, Inc. All Rights Reserved.

Factset: FactSet Research Systems Inc. 2014. All rights reserved.

Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved.

Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor’s Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2014 and/or its affiliates.