According to SC Magazine:
The attack is called “Nine-Ball” because of the name of the final, malicious landing page, which is loaded with drive-by exploits, that unsuspecting users automatically are redirected to if they visit one of the compromised sites.
Ninetoraq.in, the exploit site, contains malicious code that looks for already patched vulnerabilities in Acrobat Reader, QuickTime, Microsoft Data Access Components (MDAC) and AOL SuperBuddy, which it then attempts to exploit, Stephan Chenette, manager of security research at Websense, told SCMagazineUS.com on Wednesday.
The flaws have all been patched; some date back to 2006, Chenette said. But, the Reader and QuickTime vulnerabilities are newer, making it less likely that users are patched for them. If the maliciouscode finds an unpatched vulnerability to exploit, it either drops a malicious PDF file or a trojan designed to steal user information, Chanette said.
All of the exploits currently have low detection rates, he added.
For Full Story:
"Nine-Ball" mass injection attack compromised 40,000 sites