TrendLabs received reports of a massive attack against legitimate e-commerce Web sites, particularly in the U.K., with one or two references to Dubai, UAE. These Web sites are injected with the following malicious JavaScript code, which takes advantage of several vulnerabilities to infiltrate an unsuspecting user’s system.

The random file name of the said JavaScript brings difficulty in searching for more compromised pages. Add to that the fact that said JavaScript is hosted in the compromised domain itself. This routine is unlike other compromises where Web sites are usually injected with either a malicious iFrame link or found to host a JavaScript in _other_ domains usually created and registered solely to host the malicious code or payload for these types of threats. For example: <script language=’JavaScript’ type=’text/javascript’ src=’http://otherdomain/maliciousscript.js’></script> E-commerce Sites Invaded | TrendLabs | Malware Blog - by Trend Micro

Technorati Tags: