SQL injection

Lizamoon attack "most successful SQL injection attack ever"

I had just finished a presentation today on the very real need for web application protection to protect against SQL injection and Cross-Site Scripting attacks, when I came across the following two articles:

http://www.theregister.co.uk/2011/03/31/lizamoon_mass_injection_attack/
http://www.bbc.co.uk/news/technology-12933053

The attack injects a link to a malicious site into a legitimate website. When that link is accessed, it loads a pop-up that attempts to get the site visitor to install a fake anti-malware product purporting to be from Microsoft.

To get an idea of how many sites have been compromised by the first wave of the attack, simply Google the following: “lizamoon[dot]com[slash]ur.php”.

As the attack spreads, it has now been modified to inject links to other rogue domains hosting the same piece of malware.
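
For site owners checking their own data, here is an added example (not from the original post or the linked articles) that scans stored text fields for off-site references ending in `ur.php`. Matching on the path instead of the domain assumes the rogue domains keep the `ur.php` path from the search string above; the function names, sample rows and hostnames are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the injected reference keeps the "ur.php" path from the search
# string above even when the attackers switch to a different domain.
INJECTED_PATH = "/ur.php"


class _RefCollector(HTMLParser):
    """Collect every src/href URL found in a fragment of stored HTML."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value:
                self.refs.append((tag, value.strip()))


def find_injected_refs(rows, own_hosts):
    """Return (row_id, tag, host) for off-site references ending in ur.php.
    rows: (row_id, text) pairs; own_hosts: hostnames the site itself uses."""
    hits = []
    for row_id, text in rows:
        parser = _RefCollector()
        parser.feed(text)
        parser.close()
        for tag, url in parser.refs:
            parsed = urlparse(url)
            host = (parsed.hostname or "").lower()
            if not host or host in own_hosts:
                continue  # relative URL or a host we serve from ourselves
            if parsed.path.lower() == INJECTED_PATH:
                hits.append((row_id, tag, host))
    return hits


# Constructed sample rows; the hostnames are placeholders, not real indicators.
SAMPLE_ROWS = [
    (1, "Blue widget, <a href='/products/1'>details</a>"),
    (2, "Red widget</title><script src=http://rogue-one.example/ur.php></script>"),
    (3, "<img src='http://cdn.shop.example/ur.php'>"),
    (4, "Green widget<SCRIPT SRC=//rogue-two.example/UR.PHP></SCRIPT>"),
]

if __name__ == "__main__":
    print(find_injected_refs(SAMPLE_ROWS, {"shop.example", "cdn.shop.example"}))
```

Rows flagged this way point to database columns that were written through an injectable query, so the cleanup needs to be paired with a fix to the vulnerable query itself.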