The incident follows a previous series of similar attacks last summer that also relied on JavaScript injection and used a similar toolkit to execute the attacks.
The total number of infected websites is estimated to be in the hundreds of thousands.
The infections are passed when a surfer visits a compromised website, whereupon the malicious code loads a file named 1.js which redirects visitors to a webpage named 1.htm which then launches eight different attacks on Microsoft applications, such as Internet Explorer installations that have not been patched against VML exploit MS07-004.
The malicious code caused further concern by referencing files named McAfee.htm and Yahoo.php, but those files seem to be no longer active.
The United Nations website, as well as those of the UK and Chinese governments has been successfully compromised by the current attackers, the Websense report claims, which also cites previous successful attacks on US-based news websites, an Israeli e-commerce portal, and many travel sites.
The attackers are defying attempts to thwart their assaults by switching the domains from which the attacks are launched.
Further concerns have been reported by SecuriTeam’s Tim Brown who claims that these attacks do not require JavaScript or the <script> tag to perform a successful injection and that once the attack succeeds, AJAX offers other avenues of attack that would succeed even on systems that had JavaScript disabled.
