The LizaMoon mass-injection is a SQL injection attack that inserts the following line into the code of the page:
According to a Google Search, over 28,000 226,000 URLs have been compromised. This includes several iTunes URLs, as you can see below:
And here is the injected code at one of those iTunes URLs:
The domain lizamoon.com was registered three days ago with clearly fake information:
UPDATE2: We have been monitoring the attack since it came out and noticed that the number of the compromised URLs is still increasing, 380,000 URLs so far, moreover, more domains started to be involved except for lizamoon.com.
Follow the story here for more updates.