informa
Quick Hits

JavaScript Injection Attack Infects 'Hundreds of Thousands' of Websites

United Nations, UK government sites are among the victims

Websense Security Labs yesterday reported a new JavaScript injection attack that has infected "hundreds of thousands" of Websites, including a United Nations site and some UK government sites.

Web users who browse the infected sites will unknowingly load a file that automatically attempts to serve up a concoction of eight different exploits designed to gain access to their computers and install information-stealing malware, Websense says in its report.

The mass attack appears to be from the same group of individuals who launched a similar "iFrame" attack a few weeks ago, which compromised thousands of Internet domains, including U.S. news and travel sites.

"The attackers have now switched over to a new domain as their hub for hosting the malicious payload in this attack," Websense says. "We have no doubt that the two attacks are related."

In the space of just a few hours yesterday, Websense said it saw the number of compromised sites increase by a factor of ten.

— Tim Wilson, Site Editor, Dark Reading

Recommended Reading: