According to Jorge Mieres with Kaspersky's Argentina operation, the techniques seen in drive-by-downloads that inject malicious Javascript into websites are combination of social engineering and deception.
Over the last weekend, Mieres says his team encountered a fake Virustotal website that has a Javascript-driven attack serving up the Worm.MSIL.Arcdoor.ov malware.
The worm, he adds, was developed to recruit zombies that will be part of a botnet designed to perform distributed denial of service attacks using synflood, httpflood, udpflood and icmpflood techniques.
The communication, claims Mieres in his security posting, centres on a command and control server that stores information uploaded from the victim's computer.
Usually, he explained, these types of attacks operate via a central hub that uses DDoS web applications such as N0ise, Cythosia, or NOPE.
These applications, he says, have a high impact and demand amongst hackers, most notably from Germany.