
Back on March 31, many Internet media outlets, Habr included, carried the news that experts had discovered a mass SQL injection of the malicious LizaMoon script. At that time, the number of infected sites had reached about 200 thousand. The other day, a team of experts ran a second search (nothing complicated, in fact: the experts used Google search to find infected sites). It turned out that the epidemic had not declined. On the contrary, by April 1 about half a million sites already contained this script.
Of course, Google search results are not an ideal tool for this kind of analysis, but the method does give a rough idea of the scale of the epidemic. The estimated number of infected sites at the moment is 1.5 million. The task of the LizaMoon script is simple: to redirect a user who visits an infected site to another site created by the attackers.
Next, the user sees a message stating that the security of their computer is at risk and that a “scanner” has discovered all of its security gaps. After the user clicks “OK”, the computer is “scanned”, and the scan turns up a large number of “viruses”. When the “scanner” finishes, the user is prompted to remove all the viruses by downloading an “antivirus” to the PC. Of course, instead of an effective antivirus, a naive user gets a rootkit that blocks some perfectly normal programs from working.
When the user attempts to run such a program, the fake antivirus reports that a trojan has been detected on the PC and immediately displays a message offering to delete the “trojan” it found. When the user clicks the "delete" button, the malicious software offers to install an even more "effective tool" to combat these viruses. In general, by the end of such a virus scan, the user has acquired a whole zoo of viruses and Trojans, which begin to work for the benefit of their creator.
The fake antivirus, by the way, is called the Windows Stability Center, and the user is also offered the chance to pay for its “full version”.
LizaMoon has spread most widely in the United States, Canada, Italy, Brazil and the UK. According to experts from Websense, epidemics of this scale occur very rarely, and the problem is unlikely to be contained quickly. Currently, only 17 out of 43 more or less well-known antiviruses identify the Trojan software delivered through the LizaMoon script. Among the "correct" software that does detect this whole menagerie are antivirus products from Kaspersky, Microsoft, Sophos, Symantec, Trend Micro and VIPRE.
Via Yahoo