A large-scale SQL Injection attack known as LizaMoon has now spread to a massive amount of websites.
Security firm Websense claims that hundreds of thousands of sites have been infected, with Google search showing that the number is over 1.5 million URLs, but the company says that figure is over-inflated.
Whatever the number, Websense notes that “there really hasn’t been anything this big before.”
The injected code links across to a scareware site that leads the user to install a rogue anti-virus program called Windows Stability Centre.
The attack was actually spotted earlier this week, but it had only infected some 30,000 sites on Tuesday. It has obviously spread massively since then.
It even hit iTunes, although fortunately the script doesn’t execute properly on iTunes, so Apple has kept things water-tight on their end.