ScanSafe reported that over 10,000 web sites hosted on Linux servers running Apache are infected with files that generate constantly-changing malicious JavaScript. When visitors reach the hacked site, the script calls up an exploit cocktail that includes attack code targeting recent QuickTime vulnerabilities, the long-running Windows MDAC bug, and even a fixed flaw in Yahoo Messenger. If the visitor’s PC is unpatched against any of those exploits it’s infected with new variant of Rbot, the notorious backdoor Trojan, and automatically users PC is added to a botnet. Users can protect themselves from attack by making sure all software on their systems is patched and that their security software signatures are up-to-date. Website administrators should disable dynamic loading in their Apache module configurations.