More than 1.5 million Web sites have been infected by a LizaMoon “SQL injection attack” that began on March 29. The attack attempts to scare users into visiting a fake anti virus site.
Several pages on the Apple iTunes store have been infected, USA Today reports. Almost half of the affected sites are in the United States. Web sites in the United Kingdom, Kuwait, India, Australia, Turkey, Brazil, Israel, Mexico, Taiwan and Chile have also been affected.
The attack, which is being tracked by Websense, exploits programming errors and poorly written code and scripts on Web sites. A line of code is embedded on the Web site, and it redirects the user when the user loads the page, eWeek reports. Users are shown a number of threats that are supposedly on their computer, but the fake antivirus – called “Windows Stability Center” – will not go away until the user pays for the service.
The attack does not appear to be slowing down anytime soon, according to eWeek.