[b]Hackers have broken into more than 20,000 legitimate Web sites to plant malicious code to be used in drive-by malware attacks.
According to a warning from Websense Security Labs, the sites have been discovered to be injected with malicious JavaScript, obfuscated code that leads to an active exploit site.
[/b]
http://blogs.zdnet.com/security/?p=3476&tag=nl.e589
Be careful out there.
Hi Marc57.
DrWeb’s av link checker seems to detect this one. Sites are being injected by SQL,
polonus
Thanks for the heads-up polonus
I wonder if the site I reported was one of the 20,000 sites hit with drive-by attack code?
http://forum.avast.com/index.php?topic=45283.0
It’s still infected! hxxp://www.cinema-cafe.com/loc_hampton.asp
Hi rdmaloyjr.
Yep, the site is still flagged by avast. From 53 pages, 4 pages have been downloading and installing malware without consent of the user.
Malicious software includes 5 scripting exploit(s). Successful infection resulted in an average of 2 new process(es) on the target machine.
Malicious software being hosted on 2 domains, e.g.: qwu11a.biz/, miralive.cn/.
1 domain seems to function as intermittant to spread malware to visitors of mentioned site, e.g.: bronotak.cn/.
This site was hosted on 1 network(s) including AS33570 (AMNET),
For some background read about the favicon.ico redirect: http://msmvps.com/blogs/spywaresucks/archive/2008/10/14/1650776.aspx
polonus