Security vendor Trend Micro's Web site was hacked earlier this week in an attack that spread to hundreds of other sites, according to an InfoWorld report.
The malicious code tries to embed software that steals passwords from users as they visit Web sites, according to the report.
Trend Micro discovered the attack on Wednesday and took steps to shut it down. It affected about 20,000 Web pages written with Microsoft's Active Server Pages Web development software. According to Trend Micro:
(A similar previous) attack seems to have started more than a week ago, and nearly 200,000 Web pages have been found to be compromised, most of which are running phpBB. This contrasts (Wednesday's) attack in that the vast majority of those were active server pages (.ASP). The ASP attacks are different than the phpBB ones in that the payload and method are quite different. Various exploits are used in the ASP attacks, where the phpBB ones rely on social engineering. phpBB mass hacks have occurred in the past, including those done by the Perl/Santy.worm back in 2004.
Trend Micro also provided a video demonstration of what the attack looks like from the end user's perspective.