Dan Goodin (arstechnica.com)
Dan Goodin, at Ars Technica, conducted an investigation which claimed visitors to sites on infected servers were being served invisible malicious scripts, which in turn exposes visitors to malicious third-party websites which infect web browsers.
“Tens of thousands of websites, some operated by The Los Angeles Times, Seagate, and other reputable companies, have recently come under the spell of "Darkleech," a mysterious exploitation toolkit that exposes visitors to potent malware attacks,” Goodin wrote.
“The ongoing attacks, estimated to have infected 20,000 websites in the past few weeks alone, are significant because of their success in targeting Apache, by far the Internet's most popular Web server software.”
According to Goodin, although “Darkleech” has been active since at least August, nobody has as yet been able to pinpoint which weakness the attackers are focusing on in Apache-based machines.
“The ability of Darkleech to inject unique links on the fly is also hindering research into the elusive infection toolkit,” he said.