Security firm Websense is warning that that the mass LizaMoon SQL injection attack discovered earlier this week is much bigger than previously thought, and that over 380,000 URLs have been affected.
The firm first warned of the attack on Tuesday, claiming that hackers had injected a single line of code into thousands of web sites, linking the viewer to a well-known fake anti-virus site at defender-uqko.in.
Among the pages infected were several iTunes URLs, although Websense explained that Apple's security measures would have blocked any attack.
Initially it was thought that the mass SQL injection attack affected some 28,000 domains, but that number has now increased more than 10-fold.
Carl Leonard, senior manager at Websense Security Labs, argued that LizaMoon is now one of the largest mass injection campaigns ever seen.
"We have been monitoring the attack since it came out and noticed that the number of the compromised URLs is still increasing, moreover, more domains - different payload sites - have started to be involved in addition to the original lizamoon.com," he said.
"The payload sites remain inactive at present although they could be ‘switched' on at any time. We can only speculate as to what the bad guys are waiting for."
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago