After a quick investigation, I found that some javascript had been injected into some of the pages of my blog and unfortunately some of my visitors may have been infected. Hopefully they had antivirus software to block the attack. Since I take security very seriously, I outsourced the removal of the injected javascript to Sucuri.net who promptly investigated the issue and has since removed the malware.

The one positive that has come out of this, is that I have now decided to continue with Sucuri’s malware monitoring service to ensure that this type of malware injection doesn’t go unnoticed in the future. Their malware monitoring service now provides as often as hourly monitoring of my sites files and immediate notification if the site was to ever be compromised again.

Apologies to any users who were affected by this attack. We can all learn a lesson from this type of attack as they are becoming more widely spread particularly with popular platforms like WordPress.

Here is an example of what you might receive in the email.

Microsoft Security Bulletin MS06-8447
Cumulative Security Update for Internet Explorer (6063139273)
Published: September 9, 2007

Version: 2.0
Summary

Who should read this document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces several prior security updates. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

Internet Explorer for Microsoft Windows XP Service Pack 2 – Download the update <– THIS IS THE VIRUS LINK

Revisions:

V1.0 (September 9, 2007): Bulletin published

Further information about Microsoft security can be read at http://www.microsoft.com/protect/yourself/phishing/msemail.mspx