
The company was apparently informed of the suspicious link a week ago by Sophos but the link is still present on the site. The link instructs the user's browser to install a malicious file from a series of domains known to host attack sites.
The malware spreads by infecting legitimate sites using SQL injections. These attacks take advantage of SQL database applications that accept user-supplied data without inspecting it for malicious characters.
The infection resides as the ‘Serious Magic' website, which was acquired by Adobe two years ago. Adobe has claimed that it was investigating the matter further.
See original article on scmagazineuk.com