Watch out, thousand of legitimate website might be hosting malicious software...
Up to 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense.
Those Web sites have likely been hacked via a SQL injection attack, in which improperly configured Web applications accept malicious data and get hacked. Another possibility is that the FTP credentials for the sites have somehow been obtained by hackers, giving them access to the inner workings of the site. It appears the hackers are using automated tools to seek out vulnerable Web sites.
Refer here to read full details.