A security firm called Finjan has discovered over 10,000 websites infected by a toolkit called "random js toolkit". The kit stores the IP addresses of web crawlers sent by anti-virus tools and security firms to examine web pages and when it detects one it serves up legit content to fool the crawler. According to Finjan researchers, a server belonging to an advertising company serving banner ads to over 14,000 sites was also hacked. Anyone visiting a site with one of these malicious banner ads is at risk of being infected themselves. To avoid being blacklisted, the kit serves up random URLs and even its exploits are dynamic and designed to change based on patches and vulnerabilities found on the victim's computer. This sharply increases the chances of being infected.The malware stores login and password details on a server in Spain, leading the researchers to believe a single gang of cyber criminals is behind the attacks. You can read Finjan's full report here.