There is yet another large-scale injection attack going on right now, with nearly 200,000 pages affected so far. The compromised pages are serving visitors with malicious code that sends them off to a remote server for installation of malware.
If one of the exploits is successful, the attack sequence continues with the installation of a piece of malware that then attempts to connect to a remote server based in the U.S. The attack is targeting users whose default browser language is English, French, German, Italian, Polish or Breton, Armorize said. The company estimates that there are about 180,000 pages involved in the attack at this point.
The last couple of years have seen quite a few of these kinds of attack, including the LizaMoon attack earlier this year and another that targeted sites running Microsoft IIS last year. The attacks take advantage of poorly configured or secured Web servers and then use those compromised pages as jumping-off points for second-phase attacks against visitors to the sites. Those client-side attacks typically involve drive-by download attempts that exploit vulnerabilities in common browsers or components, such as Flash or QuickTime.