A large malicious web redirect campaign affecting hundreds of websites. Attackers subvert existing, legitimate websites to affect unsuspecting users. All of the affected web servers that we have examined use the Linux 2.6 kernel. Almost 400 distinct hosts were affected each day on March 17 & 18. The attack itself happens in multiple stages. Attackers compromise an existing website, append a line of JavaScript to multiple.js files hosted on the site. This causes visitors to load and run a new JavaScript file served from a second compromised host.”]
Source: https://blogs.cisco.com/security/mass-compromise-of-the-obsolete