"Researchers at Websense have discovered a mass injection attack that is redirecting Web browsers to a malware-bearing site.
According to a weekend report
by researchers at Websense, thousands of legitimate Web sites have been
discovered to be injected with malicious Javascript, obfuscated code
that leads to an active exploit site.
"The active exploit site uses a name similar to the legitimate Google
Analytics domain (google-analytics.com), which provides statistical
services to Web sites," the report says. "This mass injection attack
does not seem related to Gumblar. The location of the injection, as
well as the decoded code itself, seem to indicate a new, unrelated,
mass injection campaign.""
Read more: http://darkreading.com/security/attacks/showArticle.jhtml?articleID=217701136