More than 100,000 webpages, some belonging to newspapers, police departments,
and other large organizations, have been hit by an attack over the past few days
that redirected visitors to a website that attempted to install malware on their
The mass compromise appears to have affected sites running a banner-ads
module on top of Microsoft’s Internet Information Services using ASP.net, said
David Dede, head of malware research at Sucuri, a website monitoring firm.
Intljobs.org, The Wall Street Journal’s wsj.com, and tomtom.com.tw have all been
hacked, in addition to The Jerusalem Post and the police department website for
the UK county of Strathclyde.
Google searches on Tuesday indicated more than 100,000 pages were infected,
Dede said, but that number had shrunk to about 7,750 at time of writing.