US-CERT is following reports of SQL injection attacks that have compromised a large number of legitimate websites. The compromised websites contain injected JavaScript that attempts to exploit multiple, known vulnerabilities. Users who visit a compromised website may unknowingly execute malicious code.

US-CERT encourages users to do the following to help mitigate the risks of this and similar attacks:

• Regularly apply software updates and patches provided by vendors.
• Disable JavaScript and ActiveX as described in the Securing Your Web Browser document.