McAfee Avert Labs described the assault as "one of the largest attacks to date of this kind".
The redirects and attempted break-ins are all hidden from the unwitting user. Compromised web pages include everyday destinations such as travel, government and hobby sites.
The attack serves as a reminder that even trusted websites can be malicious, McAfee warned.
"Often you hear warnings about not going to untrusted sites," said Craig Schmugar, threat researcher at McAfee Avert Labs.
"That is good advice, but it is not enough. Even sites you know and trust can become compromised."
The reprogrammed web pages are probably victims of an automated attack that included scanning the internet for unsecured servers and planting a piece of JavaScript code that redirects to a site in China to serve up the malware.
The malware cocktail attempts to exploit vulnerabilities in Windows, RealPlayer and other applications to break into the PC. A back door also allows the subsequent installation of additional malicious programs.
McAfee Avert Labs first spotted the attack on 12 March. "Of the 10,000 pages that were compromised a number have already been cleaned up," the firm stated.
"A single entity is likely to be behind this attack, since the malicious code on all these pages came from the same server in China."
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
