By Kevin Coleman -- Defense Tech Cyberwarfare correspondent
It happened again – over a million web site pages were compromised by a cyber attack that injects malicious code that redirect users to a fraudulent security software operations site. This malicious incident began back in October of 2010 and has been referred to as a “massive-injection” and it is said to be one for the record books. The actors behind the attack have targeted small and medium size business web sites so far, but their targets could change. The attack method uses a malicious script/SQL injection that redirects users to a fake anti-virus security software web site. The fake web site is high quality and that is the primary for the mass infection and its overall success. Once on the fake web site, the site tries to get redirected visitors to install a fake anti-virus program that is harmful to the computer. Security firm Websense was the first to uncover evidence of this attack and has named it LizaMoon. At this time the attack continues and people are falling victim left and right. The problem is likely to stay around for sometime because there is currently no remedy.
Talk about Déjà vu! This attack vector has been around for a while and yet people continue to fall victim to it. Will we never learn that people are the weakest link and we must protect them since they have proven time and time again they can’t protect themselves?
