77:
Indeed, to become infected, a user must give permission to the software four times. LizaMoon asks the user to install a piece of rogue antivirus software to remove various non-existent "viruses" from the PC. The rogue AV software that is installed is called
Windows Stability Center. As of April 1st 2011, the file that is downloaded is currently detected by only 13 of 43 anti-virus engines according to VirusTotal.
76:
As with all malware, LizaMoon is easier for a user to deal with by avoiding it rather than by attempting to repair the damage it causes after the fact. Fortunately, LizaMoon is easy for most users to avoid. The software requires the user to actively participate in downloading and installing itself.
47:
Initial press statements reported the infection of hundreds of thousands or of millions of sites were infected. McAfee estimated approximately 1.5 million hosts affected between March and April 2011. However, subsequent research has shown a much lower infection rate. Although initial estimates for
63:
How the web sites spreading the infection were attacked remains a mystery. However, hackers may inject vulnerable and popular websites with malicious code in order to spread the infection once users visit these sites. Users should never permit installs of software of unknown provenance from the
68:, come under different names and logos such as "XP Security 2011", "Malware Scanner" or similar. After the initial installation, the software runs a fake scan showing non-existing malware on the system and in many cases requires the user to pay in order to remove the alleged malware.
34:
encouraging users to install needless and rogue "anti-virus software". Although it does not use new infection techniques, it was initially thought to be notable based on the scale and speed at which it spread, and that it affected some of Apple's
222:
56:, a security researcher at Google, Google's safe browsing database indicates the LizaMoon attacks began around September 2010 and peaked in October 2010, with approximately 5600 infected sites.
213:
52:
search data were thought to show hundreds of thousands of infected sites, the true number appears to only be in the thousands: according to
64:
Internet under any circumstances – those that follow this policy cannot be infected by LizaMoon. These types of malware, known as
145:
65:
167:
95:
119:
238:
39:
service. LizaMoon was initially reported to the general public by
Websense Security Lab.
232:
57:
27:
60:
researcher Mary
Landesman has confirmed that the infection rate appears quite low.
53:
189:
31:
26:
that infected thousands of websites beginning in
September, 2010. It is an
23:
49:
36:
216:
120:"Malicious Web attack hits a million site addresses"
223:"Hackers infect websites to dupe Internet users."
96:"LizaMoon attack infects millions of websites"
8:
190:"LizaMoon infection: a blow-by-blow account"
146:"Lizamoon SQL Injection Campaign Compared"
214:"LizaMoon breaking anti-virus barriers."
168:"Lizamoon – Much Ado About Very Little"
86:
7:
14:
144:Provos, Niels (3 April 2011).
1:
225:AFP. Accessed October 2011.
94:Stacy Cowley (2011-04-01).
255:
219:. Accessed October 2011.
66:rogue antivirus software
217:CyberMedia India Online
48:the infection based on
126:. Reuters. 2011-04-01
30:attack that spreads
208:Additional sources
166:Landesman, Mary.
246:
201:
200:
198:
196:
185:
179:
178:
176:
174:
163:
157:
156:
154:
152:
141:
135:
134:
132:
131:
116:
110:
109:
107:
106:
91:
16:Computer malware
254:
253:
249:
248:
247:
245:
244:
243:
229:
228:
210:
205:
204:
194:
192:
187:
186:
182:
172:
170:
165:
164:
160:
150:
148:
143:
142:
138:
129:
127:
118:
117:
113:
104:
102:
93:
92:
88:
83:
74:
45:
17:
12:
11:
5:
252:
250:
242:
241:
231:
230:
227:
226:
220:
209:
206:
203:
202:
180:
158:
136:
111:
85:
84:
82:
79:
73:
70:
44:
41:
22:is a piece of
15:
13:
10:
9:
6:
4:
3:
2:
251:
240:
237:
236:
234:
224:
221:
218:
215:
212:
211:
207:
191:
188:Langa, Fred.
184:
181:
169:
162:
159:
147:
140:
137:
125:
121:
115:
112:
101:
97:
90:
87:
80:
78:
71:
69:
67:
61:
59:
55:
51:
42:
40:
38:
33:
29:
28:SQL injection
25:
21:
193:. Retrieved
183:
171:. Retrieved
161:
149:. Retrieved
139:
128:. Retrieved
123:
114:
103:. Retrieved
99:
89:
75:
62:
54:Niels Provos
46:
19:
18:
130:2011-04-01
105:2011-04-01
81:References
100:CNN Money
32:scareware
233:Category
43:Overview
20:LizaMoon
239:Malware
195:7 April
173:7 April
151:7 April
124:Reuters
72:Effects
24:malware
50:Google
37:iTunes
58:Cisco
197:2011
175:2011
153:2011
235::
122:.
98:.
199:.
177:.
155:.
133:.
108:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.