The attacks were first spotted by the security firm FireEye, which identified the target as VFW.org, the homepage of the Veterans of Foreign Wars. "We believe the attack is a strategic Web compromise targeting American military personnel amid a paralyzing snowstorm at the US Capitol in the days leading up to the Presidents Day holiday weekend," reps for FireEye wrote on the company blog.
FireEye believes that hackers used a vulnerability in Internet Explorer 10 to "silently redirect" visitors from VFW.org to a shadow site, in the process infecting thousands of computers with spyware. (You can find a more thorough explanation of the zero-day attack here, courtesy of the FireEye team, but unless you're a computer professional, you'll want to have easy access to a dictionary of technical terms.)
The VFW has not issued an official statement on the attacks, but Microsoft says it is "aware of [the] targeted attacks."
"We are investigating and we will take appropriate actions to help protect customers," the company said in a statement.
But that may not be the end of the threat. In an interview with Computerworld, Darien Kindlund, manager of threat intelligence for FireEye, said the perpetrators of the attack – dubbed "Operation SnowMan" by FireEye – were committed and likely "fairly sophisticated."
"Once this operation subsides, they'll probably restart again," Mr. Kindlund said. "It still seems they're achieving mission success based on the slight tweaks they've done to their attack methodology."