Hackers have compromised about 40,000 legitimate Websites, infecting them with malicious JavaScript that ultimately redirects users to a malicious site — typo-squatted misspellings of legitimate Google Analytics domains. "The Google Analytics site serves as a statistics keeper, and the Beladen site is used to host the exploits," said Stephan Chenette of Websense Security Labs. "It analyzes the end-user PC and attempts to exploit several different unpatched vulnerabilities … If none of the unpatched vulnerabilities exist, it delivers a popup claiming that the PC is infected in an attempt to trick the user into installing rogue anti-virus software."

More Info: eWeek