Hackers have launched a widespread
website attack, leaving malicious links on up to 10,000 web
servers, says security software firm Kaspersky Lab.
Kaspersky says the servers hacked into are mainly located in
Western Europe and the US. It is not clear at this stage who has
hacked the machines, but the expectation is that the number of
infected sites will rise.
The cyber criminals are adding a line of Javascript code onto
the sites that redirects hacked site visitors to one of six
servers.
These sites then redirect the visitor to a server in China. That
server can then launch a variety of attacks, targeting known flaws
in the Firefox and Internet Explorer browsers, Adobe's Flash Player
and ActiveX management controls, said Kaspersky.
Those victims who have not got fully patched PCs run the risk of
allowing the remote attackers to install spyware on their machines,
allowing then to steal their data. This could be used to carry out
financial fraud.
Similar attacks earlier this year infected 1.5 million web
pages, including a large number of web pages run on Italian
government servers.