The SQL injection malware attack initiated as unidentified perpetrators of this malware intentionally added malware scripts to legitimate URLs. When people access these URLs, they are automatically redirected to a page that displays a warning to them. The warning generated by the SQL injection states that their PCs are infected by malware which can be removed by downloading a free anti-virus application called “Windows Stability Center”. The application ultimately leads to creating more bogus threats that would require victims of the SQL injection to purchase a more robust product using credit card.
According to sources, Google search is currently showing more than 1.5 million URLs with SQL injections and nasty script. The reason why Google could provide this information is because Google has the feature of counting unique URLs and not domains or websites. The SQL injection massive malware attack is reportedly worldwide. PC users in United States account for almost half of those getting infected by the SQL injection malware and getting redirected to the bogus warning page.
The SQL injection, which was initially discovered on 29th March, is called as LizaMoon, which is named after the first domain, Websense, discovered with the malicious script. According to experts, SQL injection is one of the most common forms of attacking websites and back end databases.
According to sources, Oracle’s MySQL customer website was also attacked over the weekend by two hackers. These hackers publicly posted their usernames. The two hackers called “TinKode” and “Ne0h” took credit for the hacking, but also said that it was the SQL injections that contributed to the hack.