JavaScript attackers switch to new domain

CIOL Bureau

BANGALORE, INDIA: Websense Security Labs, which has been tracking a recent malicious JavaScript injection that affected thousands of domains at the start of this month, has found that the attackers have now switched over to a new domain as their hub for hosting the malicious payload.

The mass injection is remarkably similar to the attack seen earlier in the month, said Websense. The company said it has seen the number of compromised sites increase by a factor of ten.

When a user browses to a compromised site, the injected JavaScript loads a file named 1.js hosted on http://www.nihao.com.

The JavaScript code then redirects the user to 1.htm (also hosted on the same server). Once loaded, the file attempts eight different exploits. The exploits target Microsoft applications, specifically browsers not patched against the VML exploit (MS07-004), as well as other applications.

Sites infected include UK government sites and a United Nations website.
