it was in the press today that a known security hole in a common open source program was being exploited by a hacker to install a trojan that in turn installed the trojan on any visitors to the website... on the basis they said it was impacting ecommerce sites, property sites, directories etc it sounds like it is a CMS that has the hole. Does anyone know which OS program that it is?
perhaps you meant this : http://www.scmagazineus.com/DHS-funded-project-uncovers-open-source-flaws/article/104285/
That appears to be a different news article as the BBC website said it was a single application with the hole and that the hole was well known but that it was new that people had exploited it, just they didnt name the application
This happens all the time, nothing new. just make sure you follow your CMS / Forum updates, and stay alert for new files / logs on your site.
We dont use any off the shelf CMS systems, this attack actually installs in the root of the server itself (not just the webserver) and changes its key on each new user which is why they warned against it as most anti-virus cannot catch it - surprisingly it wasnt just an advertising campaign as the company highlighting the issue admitted their own software cannot catch it either (sure there will be an update soon saying that their latest version can though). Was just curious to see which software it was... given the range of sites impacted assumed it was a CMS