An automated malware attack has hit a 'large number' of commercial websites, making surreptitious modifications to their web page content via the use of SQL injection. Dubbed 'LizaMoon,' the sophisticated campaign aims to redirect hapless users to a scareware site designed to cower (or confuse) computer users into installing fake antivirus software. Though initial reports pointed to the 1.5 million results returned by Google (NASDAQ: GOOG), Websense now concedes in an updated blog post that relying on Google Search results "aren't always great indicators of how prevalent or widespread an attack is as it counts each unique URL or page, not domain or site."

The security company did put together a video showing the LizaMoon campaign in action from illicit redirection to the various stages of its attempt to scare users into divulging their credit card details. I watched the video, and I must say that LizaMoon is a very sneeky and convincing effort. You can watch the video at the end of the Websense blog here, or visit the direct link here (YouTube).

For more on this story:
- check out this article at Infosecurity
- check out this article at PC Pro

Related Articles:
MySQL.com falls to SQL injection attack 
Cybercriminals peddling exploit kits as hosted service