Home arrow US-CERT Computer Emergency Readiness Team arrow Compromised Websites Hosting Malicious JavaScript

Compromised Websites Hosting Malicious JavaScript

US-CERT is following reports of SQL injection attacks that have compromised a large number of legitimate websites. The compromised websites contain injected JavaScript that attempts to exploit multiple, known vulnerabilities. Users who visit a compromised website may unknowingly execute malicious code.

US-CERT encourages users to do the following to help mitigate the risks of this and similar attacks:

  • Regularly apply software updates and patches provided by vendors.
  • Disable JavaScript and ActiveX as described in the Securing Your Web BrowserSecuring Your Web Browser document.
For more technical information, visit SANS Internet Storm Center at http://ics.sans.org/diary.htnl?storyid=4331http://ics.sans.org/diary.htnl?storyid=4331.

US-CERT will provide more information as it becomes available.