What a match it was, since yesterday morning, I was trying to concentrate on LizaMoon and a small IPC code, but the ICC World Cup Semi-Final, got the better of me.
Now, back to work and here is the analysis of Lizamoon.
Google Search for LizaMoon, reveals 250,000 + results.
What exactly is LizaMoon:
Lizamoon, is a mass-injection attack which inserts the following code into the web-pages.
Some of the site admins have taken the steps to remove this code injection. Link
This is the only information, which is available on internet about Lizamoon, rest all are spin-offs.
At a first glance, its quite surprising to find 2,50,000 + infected urls, and secondly, majority of the infected sites were running on IIS and W2k3.
This was a mass SQL injection attack and for the first time, someone has gone to such an extent to inject the code on multiple sites.
What I presume is that an automated system was used to search for vulnerable servers.