Flash attack compromises 20,000 websites
Approximately 20,000 websites have been compromised with code that could allow a user’s system to be exploited remotely, Symantec security researchers have warned.
The attacks, which began on Tuesday, originally involved two Chinese sites hosting exploits for the flaw: wuqing17173.cn and woai117.cn. Further analysis by Symantec indicated that another domain was also involved: dota11.cn.
Malicious code is being injected into third-party domains, probably through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files, according to an advisory on Symantec’s SecurityFocus site.
The code exploits a flaw in Adobe Flash Player versions 9.0.115.0 and 9.0.124.0. Other versions of Flash Player may also be affected, Symantec warned. The flaw, which appears to be a buffer overflow vulnerability, occurs when Flash Player processes a malicious Shockwave Flash (SWF) file. Normally SWF files contain animations or interactive applications.
