Online fraudsters have compromised a large number of Web sites this week in an ongoing attack that installs hidden
iframe components to redirect visitors to sites hosting malicious code.
So far, the attack has compromised hundreds of domains and more than 50,000 Web pages, according to handlers at the SANS Institute's Internet Storm Center. The attackers may be linked to a similar defacement in January that led to the Web site of the Superbowl venue, Dolphin Stadium, being hacked, ISC handler Mark Hofman stated on Friday.
"The good news so far is that the executable being downloaded seems to be detected by most AV (antivirus) products," Hofman wrote.
Two-stage attacks involving defacing Web sites with hidden
iframe code, which then redirects visitors to malicious Web sites that infect their computers, have become increasingly common. Infection tools, such as MPack, frequently use the technique. In April, a security firm reported that motherboard maker ASUS's Web site had hosted
iframe code that used a flaw in how Microsoft Windows handles animated cursors to infect victims' PCs.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos