Mass Injection Compromises More than Twenty-Thousand Web Sites
Threat Type: Malicious Web Site / Malicious Code
This mass injection attack does not seem related to Gumblar. The location of the injection, as well as the decoded code itself, seem to indicate a new, unrelated, mass injection campaign.
Screenshot of injected code in an injected site:
The exploit site is laden with various attacks. After successful exploitation, a malicious file is run on the exploited computer. The executed malware file has a very low AV detection rate.Websense® Messaging and Websense Web Security customers are protected against this attack.