by michaldudek 4529 days ago
I don't think the author has a clue of what they are writing about...

"In this case, speed and efficiency have higher priority than human readability, therefore jQuery includes only essential features to keep the code tight and focused by using minimal variable and function names, minimal use of spaces, no comments, etc."

Someone mixing library purpose with minification process.

And I bet that all those infected scripts come from one infected website. They're not out there in the wild spreading through all jQuery installations and all jQuery plugins.

2 comments

>>> And I bet that all those infected scripts come from one infected website.

Or one platform - WordPress.

"Checkmarx, makers of an automated code review solution, recently looked at the top 50 plugins for WordPress examining them for vulnerabilities. Their analysis, published here, found 20% of the top 50 were vulnerable to the most common web attacks. Even more frightening, 7 out of 10 of the leading ecommerce plugins were vulnerable."

"To put this in perspective, this means that vulnerable plugins were downloaded to install in websites about 8 million times!"

http://www.networkworld.com/community/blog/7-10-leading-word...

Actually, they are spreading in the wild, sort of.

There is a parallel universe, where people called "webmasters" upload websites to a hosting account with ftp. They use outdated php cms systems, their home directory is writable by the user/group that runs the webserver. They don't use version control and can't tell when a js file is injected with malicious code. They all get injected with js malware every day. There is malware that targets cmses specifically and injects code in the cms libraries or config files directly.
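An added example, not part of any comment in this thread: a minimal integrity check for the situation the last comment describes, where a site has no version control and nobody notices when a .js file changes. The function names, the sample file and the use of group/other write bits as a stand-in for "writable by the web server account" are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each .js file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".js"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    manifest[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def diff_manifests(baseline, current):
    """Return sorted (modified, added, removed) relative paths."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return modified, added, removed

def loosely_writable(root):
    """List entries under root that are writable by group or others (assumed proxy)."""
    hits = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISLNK(mode) and mode & (stat.S_IWGRP | stat.S_IWOTH):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def demo():
    """Constructed sample site: take a baseline, then change one library file."""
    with tempfile.TemporaryDirectory() as root:
        jsdir = os.path.join(root, "js")
        os.mkdir(jsdir, 0o755)
        lib = os.path.join(jsdir, "jquery.min.js")
        with open(lib, "w") as fh:
            fh.write("/* constructed stand-in for a library file */\n")
        os.chmod(lib, 0o644)
        baseline = snapshot(root)
        with open(lib, "a") as fh:  # constructed change after the baseline
            fh.write("/* constructed line appended later */\n")
        os.chmod(lib, 0o664)  # constructed: permissions loosened
        return diff_manifests(baseline, snapshot(root)), loosely_writable(root)
```

In real use the baseline manifest has to be stored somewhere the web server account cannot write, otherwise whatever modifies the scripts can update the manifest too.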