Hackers redirect unwitting victims to a Web site that tries to infect PCs with malicious software

As many as 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense.

The affected sites have been hacked to host JavaScript code that directs people to a fake Google Analytics Web site, which provides data for Web site owners on a site's usage, then to another bad site, said Carl Leonard, threat research manager for Websense.

Those Web sites have likely been hacked via a SQL injection attack, in which improperly configured Web applications accept malicious data and get hacked, Leonard said.

More: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133820