Malicious Web attack hits a million site addresses

SEATTLE, April 1 (Reuters) – More than one million website
addresses have been compromised by a sophisticated hacking
attack that injects code into sites that link to a fraudulent
software sales operation.

The mass attack has managed to inject malicious code into
websites’ links by gaining access to the servers running the
databases that power the Internet, according to the technology
security company that discovered it.

Websense, which first found evidence of the attack earlier
this week, has called it ‘LizaMoon,’ after the name of the site
the malicious code first directed its researchers to.

On that site and others, users are shown a warning from
‘Windows Stability Center’ — posing as a Microsoft Corp
(MSFT.O: Quote, Profile, Research) security product — that there are problems with their
computer and are urged to pay for software to fix it.

Microsoft has no product of that name. The company did not
immediately have a comment on the attack.

Websense said some Web addresses related to Apple Inc’s
(AAPL.O: Quote, Profile, Research) iTunes service were compromised. Apple did not
immediately respond to a request for comment.
(Reporting by Bill Rigby; editing by Andre Grenon)

Malicious Web attack hits a million site addresses