"This is an ongoing campaign, with new domains [hosting the malware] popping up even this morning," said Paul Ferguson, a network architect with antivirus software vendor Trend Micro. "The domains are changing constantly."
More than 500,000 websites were hacked during Tuesday's assault, the latest in a string of attacks dating back to January, Ferguson said, adding that all of the sites are running "phpBB," an open-source message-forum manager.
Ferguson said he wasn't sure how the sites were compromised, but he said Trend Micro is investigating.
"We're not sure if it's [because of] improper configuration of phpBB or a vulnerability," he said. "Open-source applications like phpBB tend to be targeted quite a bit."
Visitors to the hacked sites were reportedly forwarded through a series of servers, some of which were themselves compromised, until the last in the chain was reached. That server then "pings" the visitor's computer for vulnerabilities such as bugs in Internet Explorer and the RealPlayer media player. If any vulnerabilities are present, malware is downloaded to the computer, according to TechWorld.com.
Several of the hacked sites have been previously affected, Ferguson noted.
"Some had recently been used for keyword search ranking manipulation," he said, "and others to pitch fake pharmaceuticals or just malware."