A nasty infection that attempts to install a potent malware cocktail on the machines of end users has spread to about 30,000 websites run by businesses, government agencies and other organizations. The infection sneaks malicious javascript onto the front page of websites, most likely by exploiting a common application that leads to a SQL injection. The injected code is designed to look like a Google Analytics script, and it uses obfuscated javascript, so it is hard to spot. Researchers have spotted notable code overlap between Sunburst backdoor and a known Turla weapon.
Source: https://threatpost.com/30000-legit-websites-hit-malware-infection-060109/72740/