Forbidden Web

Apr 25, 2008 Compromised Websites Hosting Malicious JavaScript
US-CERT is following reports of SQL injection attacks that have compromised a large number of legitimate websites. The compromised websites contain injected JavaScript that attempts to exploit multiple, known vulnerabilities. Users who visit a compromised website may unknowingly execute malicious code.

US-CERT encourages users to do the following to help mitigate the risks of this and similar attacks:
  • Regularly apply software updates and patches provided by vendors.
  • Disable JavaScript and ActiveX as described in the Securing Your Web Browser document.
For more technical information, visit SANS Internet Storm Center at http://ics.sans.org/diary.htnl?storyid=4331.

US-CERT will provide more information as it becomes available.