Language…
22 users online:  Ahrion,  AmperSam, Beed28, ben15420, Doopu, gizmo_321, Gorry, Green, mathew, Mecke1990, MorrieTheMagpie, Nayfal, OrangeBronzeDaisy, Pink Gold Peach, rafaelfutbal, Ray Hamilton, signature_steve, Skewer, SMW Magic, TrashCity, wye,  YouFailMe - Guests: 278 - Bots: 405
Users: 64,795 (2,370 active)
Latest user: mathew

Large-scale SQL injection affects many sites, redirects to scam AV

I'm surprised there's no thread about this already.

The "LizaMoon" attack has been loose since March 29. It works by using SQL injection to stick a redirect onto a website that brings the end user to a scareware site, trying to make the user think he's been affected with viruses. The site encourages him to install a rogue antivirus called "Windows Stability Center" and then purchase it.

Relevant news article
Websense, currently tracking LizaMoon
Video for the curious. This happens when you go to an affected site and use the fake antivirus.
How to remove Windows Stability Center

Good news is, many of the sites known to be infected are relatively obscure, and while a moderately net-savvy person probably wouldn't need to worry, the info is good to spread so someone prone to panic or who just doesn't know won't mistakenly fall for the scam. The Firefox addon "NoScript" is probably a good idea if you don't want the redirect annoyance, in case you do visit an affected website.

WSC itself is a bit sloppy in its aim to look authentic; the discrepancies in the spelling of "license" are kind of humorous.

Just look above you...
If it's something that can be stopped, then just try to stop it!
I never heard of this before.

I just watched the video. So basicaly it does nothing but tell you to purchase a fake anti-virus? That's a verry pathetic way to make money in my opinion. I just hope I won't have to deal with that thing.
It actually infected a site I've been visiting regularly. When you get redirected and an alert box appears, press cancel/no/whatever button to decline stuff (and stay safe). If you press OK/yes you get a fake, fancy virus scanning page. If you don't want to get infected, don't click anything within that page. If you do, your virus scanner will complain (mine did).

Windows 7 users should be able to figure out that the virus scanning page is fake. Like, a windows XP interface in windows 7 in a browser of choice DOES look suspicious.
My blog. I could post stuff now and then

My Assembly for the SNES tutorial (it's actually finished now!)
Actually, just kill the process through Task Manager. One can't trust rogueware to be even half truthful.

Celarix | smlimitless@github | Avatar by Uhrix
Originally posted by Ersanio
Windows 7 users should be able to figure out that the virus scanning page is fake. Like, a windows XP interface in windows 7 in a browser of choice DOES look suspicious.


I was browsing a site through my phone, and that popped up. I was laughing so hard.



I've been plagued with this problem on a few sites, but the video ones by far are the worst for me they make random lag moments even more annoying.



This reminds me: What plugin for ff besides noscript can I use to disable redirects and prevent something like this from happening?
Your layout has been removed.
I think i am one of the few who hardly care about this, because it doesn't affect any site i visit.

dah
i just lurk sometimes
Originally posted by Ersanio
It actually infected a site I've been visiting regularly. When you get redirected and an alert box appears, press cancel/no/whatever button to decline stuff (and stay safe). If you press OK/yes you get a fake, fancy virus scanning page. If you don't want to get infected, don't click anything within that page. If you do, your virus scanner will complain (mine did).

Windows 7 users should be able to figure out that the virus scanning page is fake. Like, a windows XP interface in windows 7 in a browser of choice DOES look suspicious.

I just this minute came across that. It's pretty stupid how it's got a Windows XP interface when many computers run on Windows 7, it just makes it more obvious that it's fake.Free counters!