Detections
Analytics

LizaMoon Malware Detection

critical Nessus Network Monitor Plugin ID 5880

Synopsis

The remote web server seems to have been compromised by LizaMoon.

Description

The remote web site seems to link to malicious javascript files hosted on a third party web site related to the LizaMoon Malware. This typically means that the remote web site has been compromised, likely through SQL injection, and it may infect its visitors as well.

Solution

Restore your website to its original state and audit your dynamic pages for SQL injection vulnerabilities.

See Also

http://isc.sans.edu/diary/LizaMoon+Mass+SQL-Injection+Attack+Infected+at+least+500k+Websites/10642

http://community.websense.com/blogs/securitylabs/archive/2011/03/29/lizamoon-mass-injection-28000-urls-including-itunes.aspx

Plugin Details

Severity: Critical

ID: 5880

Family: Backdoors

Published: 4/6/2011

Updated: 1/15/2016

Nessus ID: 29871

Vulnerability Information

Vulnerability Publication Date: 3/29/2011