LizaMoon Malware Detection

Critical Nessus Network Monitor Plugin ID 5880


The remote web server seems to have been compromised by LizaMoon.


The remote web site seems to link to malicious javascript files hosted on a third party web site related to the LizaMoon Malware. This typically means that the remote web site has been compromised, likely through SQL injection, and it may infect its visitors as well.


Restore your website to its original state and audit your dynamic pages for SQL injection vulnerabilities.

See Also

Plugin Details

Severity: Critical

ID: 5880

File Name: 5880.prm

Family: Backdoors

Published: 2011/04/06

Modified: 2016/01/15

Dependencies: 1442

Nessus ID: 29871

Risk Information

Risk Factor: Critical

Vulnerability Information

Vulnerability Publication Date: 2011/03/29