Last week Websense Security LabTM ThreatseekerTM Network released a security alert that stated more than 20,000 legitimate websites have been compromised by mass injection. These legitimate sites have been injected with JavaScript that leads visiting users to a malicious site that looks for active exploits on the users' computer. Once an exploit is found, the site loads malicious code on the user's computer. What's scary about this is that the infected websites have no idea that they are infected. Websense further states that the detection rate by antivirus software is very low.
Regardless, if you are hosting your own website or paying a third party to do the hosting for you, you should investigate the security software and procedures that are applied to protect your website. Call in the experts if you have to, but you need to make sure that your site is not causing your visitors to become infected with malware. To put it another way: The cost of the bad publicity will far exceed the cost of hiring an expert in the web security field.
Hmm — there should be some tags we could search for to check for that — and the website should show files as being modified as of a date after our last modification.
The article name in the blog is a hyperlink so you can click on it. Or use the following link:
http://securitylabs.websense.com/content/Alerts/3405.aspx