The method of using an injected script redirects users to a rogue AV site, which tries to get people to install a fake anti-virus program called Windows Stability Center.
When WebSecurity discovered the attack on March 29, 28,000 URLs had been compromised. The number quickly grew to 226,000, including many iTunes URLs (though the malicious code is neutralized by Apple).
“The good thing is that iTunes encodes the script tags, which means that the script doesn’t execute on the user’s computer,” WebSense security blogger Patrik Runald wrote on Tuesday, “So good job, Apple.”
The number of infected sites now appears to be over 1.5 million (at the time of this blog post, a quick Google Search shows 1.53 million infected URLs) — but WebSense is quick to point out that a Google Search is an inaccurate metric. Google search spits back unique URLs, not unique hosts. Thus, there are likely less than 1.5 million infected sites, but WebSense says it’s safe to say that the number is in the hundreds of thousands.