Computer criminals are injecting malicious code into hundreds of thousands of Web pages, including several associated with iTunes, in a stealthy attempt to trick users into purchasing rogue antivirus software.
The malware campaign, dubbed “LizaMoon ” by the security firm Websense, redirects Web surfers to a rogue antivirus website via malicious JavaScript code injected into Web pages.
Discovered on March 29, LizaMoon was initially spotted on 28,000 Web pages, many of which were associated with iTunes RSS and XML feeds — pages used to update podcasts. According to a Google search, more than 380,000 Web pages are now compromised.
Like all scareware ploys, LizaMoon tries to convince users they have a computer virus that can only removed by purchasing (fake) antivirus software.
What makes LizaMoon particularly dangerous is that users who stumble on a corrupted Web page would not necessarily know they’d been infected — simply visiting a genuine-looking Web page could land users in trouble.
Meanwhile behind the scenes, the rogue antivirus software can automatically download on users’ browsers and then pop up later, scaring them into purchasing a fix for a problem they don’t have.
There is some good news for iTunes users, however. Apple prevents the malicious LizaMoon code from automatically executing on users’ computers.
To help avoid becoming a LizaMoon victim, it’s important to employ and update your antivirus software, which can help block the corrupted Web pages and keep your system secure.