In this attack, hackers exploit a security flaw in a popular file used by WordPress and other website-building platforms to crop and resize images ("Timthumb.php," hence the name).
Hackers use the security hole to install malicious code or files on a website or server. From there, they can launch spear phishing campaigns and denial-of-service attacks, in which hackers overwhelm a website's server by flooding it with requests, making the site unresponsive.
Timthumb attacks have hit millions of websites over the last two years, most of which have been small businesses, said StopTheHacker's Banerjee.
"Business owners often don't even know that their sites have been infected because it works silently," he said, adding that the security flaw can be fixed with a patch.
By then, the damage has been done. Moreover, an infected website that's launching DoS attacks also runs the risk of being blacklisted by Google.