Security experts say over 40,000 websites have been hacked to redirect unsuspecting users to a malicious site that tries to infect their PCs. The compromised sites were hit with an SQL injection attack that left malicious JavaScript code behind. Users who visit one of the compromised sites are sent to a fake Google Analytics site, which sends them to yet another site that scans the PC looking for software vulnerabilities. If it finds them, a host of malware is downloaded and installed on the PC. If it doesn’t, a pop-up appears warning the visitor that their system is infected with malware and urging them to download a fake security program that is actually a Trojan. Firefox users beware – the attack targets that browser too.
It’s not clear what is being done with the infected systems, but the experts say that they are most likely being added to a botnet for spamming purposes and/or having personal info stolen from them via keyloggers and other malware.
The domain hosting the malware is in Ukraine, where the notorious Russian Business Network is located. The RBN is a known haven for spammers, phishers, hackers and other cyber criminals. It’s not known, however, whether they are directly linked to the attack.
Site owners are advised to disable FTP access or change the login credentials used for it. They should also scan their site for any suspicious-looking code or improperly configured apps.


