Mohit Hira, Director in charge of Marketing at Times Internet Ltd, asked that we publish the following update (Times Internet is the parent company for indiatimes.com):

Some sections of the Indiatimes network have indeed been under a cross-scripting or XSS attack which redirects visitors to URLs that exploit multiple vulnerabilities on their systems in an attempt to download malicious software/spyware onto them.

Attempts are on to contain the spread of adware/spyware being spread from our servers and we have already isolated some servers successfully. However, Times Internet would like to caution its users that, until such time as the malicious code is isolated and quarantined completely, they should upgrade their security systems and be on guard when using authentication-based services on our sites.

While it is not completely known whether any other sites of Indian origin have also been subjected to a similar assault, the fact is that some of our services were rendered vulnerable by malware and we are working closely with our technology partners to rectify this on a priority basis.

We have already alerted our users and shut down some services temporarily.

It's commendable that the Times Internet seems to be leaving no stone unturned in their drive to get this issue corrected. We've identified about 3 dozen other sites that have fallen victim to the same compromise and will be reaching out to each of them today. Our hope is that all will react with the same attention to detail that the Times Internet is focusing on this.