Source: The Register and vnunet.com
On the order of 10,000 websites have been invisibly modified with IFRAME links to a site hosting an exploit package called "MPack". It's not currently known how the mass defacement was effected. None of the exploits employed by this particular MPack installation are zero-day flaws. "MPack" is a general browser-exploit service coded in PHP, similar to "Web Attacker" which is written in Perl.