Security Hero Rotating Header Image

Mass Injection Compromises More than Twenty-Thousand Web Sites

Malicious Web Site / Malicious Code: Mass Injection Compromises More than Twenty-Thousand Web Sites

Websense Security Labsâ„¢ Threatseekerâ„¢ Network has detected that a large compromise of legitimate Web sites is currently taking place around the globe. Thousands of legitimate Web sites have been discovered to be injected with malicious Javascript, obfuscated code that leads to an active exploit site. The active exploit site uses a name similar to the legitimate Google Analytics domain (, which provides statistical services to Web sites.

This mass injection attack does not seem related to Gumblar. The location of the injection, as well as the decoded code itself, seem to indicate a new, unrelated, mass injection campaign.

Screeenshot of injected code in an injected site:


The exploit site is laden with various attacks. After successful exploitation, a malicious file is run on the exploited computer. The executed malware file has a very low AV detection rate.

Websense® Messaging and Websense Web Security customers are protected against this attack.


Leave a Reply

Your email address will not be published. Required fields are marked *