US-CERT has seen reports of an attack that has compromised a large number of legitimate websites. The reports indicate that attackers are modifying the sites and embedding JavaScript code. Users who visit one of these infected websites may be unknowingly redirected to a malicious websites. These malicious websites may then attempt to exploit known vulnerabilities for which patches are available but have not yet been applied to the victim's system.

US-CERT reminds users to regularly apply software updates and patches provided by vendors to help mitigate the risk of this and similar type attacks. Users are also encouraged to disable JavaScript and ActiveX as described in the Securing Your Web Browser document.

US-CERT will provide more information as it becomes available.