New malware attack infecting Web sites

Somewhere around 40,000 Web sites have apparently been infected with code that redirects visitors to sites hosting malware, according to a security firm.

Tom Krazit Former Staff writer, CNET News

Tom Krazit writes about the ever-expanding world of Google, as the most prominent company on the Internet defends its search juggernaut while expanding into nearly anything it thinks possible. He has previously written about Apple, the traditional PC industry, and chip companies. E-mail Tom.

See full bio

Tom Krazit

June 2, 2009 4:24 p.m. PT

Security firm Websense has put out an advisory warning Web site owners about malicious code that redirects surfers to seemingly safe sites.

About 40,000 Web sites appear to have been compromised with rogue JavaScript code that redirects Web surfers to a fake Google Analytics site, after which they get passed onto a site that tries to exploit Internet Explorer or Firefox vulnerabilities to infect that PC with malware, according to a Websense researcher quoted by Computerworld. Just for good measure, if the site can't find a browser vulnerability, it tries to trick the user into downloading a Trojan.

It's not clear how the sites were compromised, but Computerworld reported the redirect sites are being hosted in the Ukraine, implying that the Russian Business Network is behind the threat.

This is a separate scam from the Gumblar attack that made the rounds last week, according to Websense.