The United Nations and United Kingdom government Web sites have fallen victim to a widespread malware attack that have infected hundreds of thousands of legitimate sites worldwide.

The exact number of sites that have been compromised is unknown, said Hubbard, vice president of security research at Websense Inc. He estimated that it’s similar to the March attacks, which at their height infected more than 100,000 URLs, including prominent domains such as MSNBC.com.

When a user navigates to a compromised site the injected JavaScript loads a file into the user’s browser, which then uses eight different exploits that target Microsoft applications, Websense said. The exploits then allow the attackers to steal user information.

By infecting hundreds of thousands of well-trafficked, well-known websites simultaneously, the attackers only need a window of a few hours to harvest a large number of potential victims. Web users and organizations without real-time protection may be vulnerable.