In a new style of hacking on the Internet, the sites are mostly those of smaller merchants and professional companies, Web site security company Armorize said.
A criminal gang using computer servers located in Ukraine is responsible for converting the legitimate Web sites into delivery mechanisms for "drive-by downloads" of malicious software that silently steals account passwords, identity data and credit card data, Wayne Huang, chief technical officer at Armorize, told USA Today.
The infected computer also can be recruited into a "botnet," a network of infected PCs controlled by the hackers to spread spam and engage in other criminal activities, security researchers say.
"The misuse of numerous small sites is making the Internet a much more dangerous place," says Alena Varkockova, lab analyst at anti-virus company Avast. "Even the unimportant sites can do big harm when misused."