All the latest UK technology news, reviews and analysis


Websense warns of major SQL attack on iTunes and others

30 Mar 2011

Internet monitoring firm Websense is warning of a huge SQL attack that has succeeded in infecting over 28,000 legitimate internet sites.

Dubbed LizaMoon after the originating domain lizamoon.com, the attack injects a single line of code into web sites that link the viewer to a well-known fake security software site at defender-uqko.in.

The attacking domain and the linking site are currently offline, but Websense said this could change at any time at the whim of the attacker. The lizamoon.com domain was set up three days ago using data which appears to be faked.

Websense has spotted some of the code in iTunes URLs, but said that Apple's security policies would have blocked any attack.

"The way iTunes works is that it downloads RSS/XML feeds from the publisher to update the podcast and list of available episodes. We believe that these RSS/XML feeds have been compromised with the injected code," Websense said in a blog post.

"The good thing is that iTunes encodes the script tags, which means that the script doesn't execute on the user's computer. So good job, Apple."

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Iain Thomson
About

Iain Thomson is the US editor of V3.co.uk based in San Francisco. Iain has been a part of the V3.co.uk team since 2002 and was previously technical editor of PC Magazine, reviews editor of PC Advisor and editor of Aviation Informatics. He also appears as an occasional commentator on BBC television and radio, ITV and Bloomberg.

 

 

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 7 end of mainstream support

What are your plans for when Microsoft ends mainstream support for Windows 7 in January 2015?
10%
8%
3%
64%
15%

Popular Threads

Powered by Disqus
LG G3 in gold black and white

LG G3 vs Galaxy S5 video

We pit the two Korean firms' flagship smartphones against each other

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Junior Graduate .Net Developer - ASP.Net / C# / HTML / CSS

Junior Graduate .Net Developer - ASP.Net / C# / HTML...

Junior Graduate .Net Developer - ASP.Net / C# / HTML / CSS

Junior Graduate .Net Developer - ASP.Net / C# / HTML...

Junior Graduate .Net Developer - ASP.Net / C# / HTML / CSS

Junior Graduate .Net Developer - ASP.Net / C# / HTML...

PHP Developer - PHP / Moodle / Totara / PostgreSQL / HTML / CSS

PHP Developer - PHP / Moodle / Totara / PostgreSQL...
To send to more than one email address, simply separate each address with a comma.