20,000 sites hit with drive-by attack code

[b]Hackers have broken into more than 20,000 legitimate Web sites to plant malicious code to be used in drive-by malware attacks.

According to a warning from Websense Security Labs, the sites have been discovered to be injected with malicious JavaScript, obfuscated code that leads to an active exploit site.
[/b]

http://blogs.zdnet.com/security/?p=3476&tag=nl.e589

Be careful out there.

Hi Marc57.

DrWeb’s av link checker seems to detect this one. Sites are being injected by SQL,

polonus

Thanks for the heads-up polonus

I wonder if the site I reported was one of the 20,000 sites hit with drive-by attack code?

http://forum.avast.com/index.php?topic=45283.0

It’s still infected! hxxp://www.cinema-cafe.com/loc_hampton.asp

Hi rdmaloyjr.

Yep, the site is still flagged by avast. From 53 pages, 4 pages have been downloading and installing malware without consent of the user.
Malicious software includes 5 scripting exploit(s). Successful infection resulted in an average of 2 new process(es) on the target machine.

Malicious software being hosted on 2 domains, e.g.: qwu11a.biz/, miralive.cn/.

1 domain seems to function as intermittant to spread malware to visitors of mentioned site, e.g.: bronotak.cn/.

This site was hosted on 1 network(s) including AS33570 (AMNET),

For some background read about the favicon.ico redirect: http://msmvps.com/blogs/spywaresucks/archive/2008/10/14/1650776.aspx
polonus