iTunes, reports “The Inquirer” ( Lizamoon is a SQL injection attack, where hackers target the database backend of a website and execute unauthorized commands by taking advantage of insecure code.

Insecurity firm Websense says that, according to a Google search, over 28,000 URLs have been compromised. It saw infected iTunes URLs that the media player will download from the publisher to update podcast and episode availability, says “The Inquirer.”

“We believe that these RSS/XML feeds have been compromised with the injected code,” says Websense security expert Patrik Runald. “The good thing is that iTunes encodes the script tags, which means that the script doesn’t execute on the user’s computer.”