Internet Week says that the Internet Storm Center tracked a large-scaled attack over the weekend. It attacked hosting servers and turned them into distributors of the malicious code.
“It seems that the attack used both direct and indirect means to infect users, said the ISC. In some cases, a script was appended to all home pages of the sites hosted on the compromised servers; the script redirected visitors of those pages to a malicious site (which was offline as of mid-morning Monday), which actually distributed the malicious code.
But ICS also found some evidence that a DNS cache poisoning attack was part of the program. “We are not quite sure yet how this is being done, as the files that we’ve received so far do not seem to contain DNS/DHCP poisoning code.”