"This type of injection pretty much voids the concept of 'trusted' or 'safe' websites."
Security firm F-Secure said that at least 510,000 pages have fallen victim to the attack.
The compromised sites have been embedded with code that redirects the user to a third-party site at which eight different exploits attempt to install a password-stealing Trojan.
F-Secure and Sans Institute urged administrators to block access to the domains hosting the malware exploit.
The Sans Internet Storm Center recommended blocking access to hxxp:/www.nihaorr1.com and the IP it resolves to 219DOT153DOT46DOT28 at the edge or border of the network.
F-Secure also recommended that administrators of hosting servers check their logs for possible attacks.
The outbreak is the latest in a rash of large-scale attacks this year. In March, a pair of attacks, one infecting 10,000 pages and another compromising 200,000 pages, were uncovered by researchers.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
Digital NSW 2025 Showcase
_(1).jpg&h=140&w=231&c=1&s=0)
