A massive attack that's trying to scare computer users into visiting a bogus antivirus site has infected more than 1.5 million websites and continues to spread, according to an Internet security firm.

Several pages on Apple's iTunes store have been infected.

The so-called LizaMoon "SQL injection attack" began Tuesday and is being tracked by Websense. Such attacks redirect users by exploiting programming errors and poorly written code and scripts.

eWeek says the attack is "out of control ... with no end in sight." Nearly half the compromised sites are in the United States. Other affected countries include United Kingdom, Kuwait, India, Australia, Turkey, Brazil, Israel, Mexico, Taiwan and Chile.

VentureBeat writes that the attack "shows that malware is a bigger menace than ever and that many web sites aren't protected."

Websense has a Q&A about the attack.