What has surprised investigators most is the speed at which the infections have spread. The number of infected sites has grown quickly from around 2000 to 10,000 within a couple of days. Most of the sites infected are small and range from pop star appreciation sites to travel and charity organisations. The FBI is working to contain the damage and track down the cyber crooks.
It's not yet clear if the attackers are exploiting security holes on the servers themselves or hacking into service provided infrastructure, but reports conclude that an automated tool is searching for vulnerable sites. Once a server is infected, the cyber criminals install an invisible iframe into the web page that secretly redirects the visitor to other sites, which then install the Trojan code.
Most of the infected sites are hosted in Italy, but the redirects lead back to servers in San Francisco and Chicago, which are registered to owners in Hong Kong. The authorities in the US are trying to reduce the damage of the malicious code by shutting the San Francisco and Chicago sites down.
The attack marks the growing trend of propagating viruses, worms and other malicious software via websites, rather than email. With the improvement of email spam and virus filters, as well as the increased awareness by the general public of the risks of opening attachments from unknown senders, hackers are now targeting websites to spread their malware, which are harder for users to detect.
