Security company Finjan today reported it has found more than 1,000 sites infected by an attack toolkit called "Asprox," which exploits discovered flaws in a vulnerable site's programming to add hidden attack code.
I wasn't struck by the number - these days, 1,000 sites unfortunately isn't that many - so much as by the list of sites that Finjan says were hacked.
As with a previous SQL injection round I wrote about in May, you can check to see if your site has been infected by running a Google search.
IMPORTANT:
This time around, you'll need to run these three different searches, as the attack is inserting different code into different sites.
site:yourdomain "b.js"
site:yourdomain "ngg.js"
site:yourdomain "fgg.js"
When I ran those searches just now I turned up plenty of still-infected sites, so again, be extremely careful about visiting any of them. If your site turns up in search results, contact your IT department or hosting provider immediately.
Whether or not your site turns up, it's also a good idea to run the free Scrawlr tool
Also, for your own computer's safety, it's critical to keep all your software - not just the browsers and the OS - up-to-date with patches. Finjan writes that this attack kit goes after flaws in QuickTime and the AOL SuperBuddy as well as Windows.
For more on the assault, see Finjan's blog posting.