"We’re estimating that in the last two days alone, between 2,000 and 10,000 servers, mainly Western European and American ones, have been hacked," Kaspersky wrote on its Web site Friday, "It’s not yet clear who’s doing this."

The attackers are most likely using compromised accounts on the Web sites or launching what's known as a SQL injection attack, where hackers trick the Web site's software into inadvertently running malicious commands.

The criminals add a line of JavaScript code onto the hacked sites that redirects victims to one of six servers. These sites, in turn, redirect the visitor to a server in China. That server can launch a variety of attacks, targeting known flaws in Firefox, Internet Explorer, Adobe's Flash Player and ActiveX, Kaspersky said.

If the victim's computer hasn't been patched, the attack code could install a variety of spyware and Trojan horse software, including one program designed to steal World of Warcraft passwords.

These Web attacks have become fairly common this past year, according to Roger Thompson, chief research officer with AVG Technologies. "These guys are pretty busy," he said via instant message. "We see them a lot."