SQL Flaw Enables Attack

by Kevin Q
In the article that I read, James Cohen goes over a massive web attack dubbed “LizaMoon.” The attack was made possible by an SQL flaw through which malicious code was injected into the SQL databases that ran many websites. The injected code would then direct users' browsers to a new site where a fake antivirus with malicious intent was installed on their machines without consent. People would then be told they had a virus and prompted to input their credit card information in order to “fix” the problem. Many websites were hit by this attack, but it first happened on lizamoon.com, hence the name “LizaMoon.” Numerous sites were affected, and many people were tricked into surrendering their credit card info. The article then goes on to discuss how fake antivirus programs have been a problem for users in recent years.

I find this article interesting because I actually got to witness the fake antivirus on a family friend's computer. They asked me to take a look at it, and it was actually pretty interesting what it would do. It would of course ask for you to enter your credit card info in order to repair the problem, but it would do this after it locks out most other operations from happening on your computer. I remember that if I didn't get to the task manager in time to end its process, I would even be locked out of task manager as well as all other programs and applications. Luckily my friend did not enter their credit card info, but who knows how many people actually did. It’s strange that sites we frequent daily could possibly be at risk of an SQL injection or another form of attack, which would then be a risk to us, the end users. People on both ends, the SQL database admins and the end users, need to take as much care and caution as possible to help prevent these attacks from occurring.

Source: Cohen, James. (2011, April 1). SQL Flaw Enables Hijacking of Scores of Web Pages. Technorati.com. Retrieved from http://technorati.com/technology/article/sql-flaw-enables-hijacking-of-scores/