It appears that an issue originating from various locations in China has been developing over the past few days, and we (security researchers) are still piecing it together.
Having said that, that’s the beautiful thing about hybrid Web Threat Protection (WTP) — we shrink the “time-to-exploit” window immediately by breaking the infection chain.
Please be assured that we are burning the midnight oil working on these issues, and will update this blog post as more details become clear. For now, please refer to the SANS ISC Daily Handler’s Diary for details, and we’ll post more as this developing incident unfolds.
One further note: While the numbers are only in the ~4,000 to ~5,000 range (still not small!), there are some very high-profile Web sites that seem to have been compromised in this attack.
PLEASE DO NOT GO SEARCHING FOR WEB SITE COMPROMISES. In this particular case, if you are not adequately prepared and protected, you can become a victim of your own curiosity.
“Fergie”, a.k.a. Paul Ferguson
Internet Security Intelligence
Advanced Threats Research
Image source: Fugato.net