High-ranking sites are still a target for malicious code injection. Last week, the site euroticketshop.com, which resells tickets for the Euro 2008 soccer matches, put visitors at risk of a drive-by infection.
The attackers are really ramping up the attacks, and more sites are falling victim to them:
USAToday.com, ABCNews.com, News.com, Target.com, Packard Bell.com, Walmart.com, Rediff.com, MiamiHerald.com, Bloomingdales.com, PatentStorm.us, WebShots.com, Sears.com, Forbes.com, Ugo.com, Bartleby.com, Linkedwords.com, Circuitcity.com, Allwords.com, Blogdigger.com, Epinions.com, Buyersindex.com, Jcpenney.com, Nakido.com, Uvm.edu, hobbes.nmsu.edu, jurist.law.pitt.edu, boisestate.edu.
So how good are our virus scanners against the embedded malware?
Scanners Result: 12/32 (37.5%)
Scanners Result: 2/32 (6.25%)
Scanners Result: 11/32 (34.38%)
Hmmm..... a very gloomy picture but it doesn't surprise me.
For the time being, Google is actively filtering the results, in fact removing the cached pages on a number of domains when I last checked. The practice makes it both difficult to assess how many and which sites are actually affected and, of course, undermines the SEO poisoning, as without it the input validation and injecting the IFRAMEs would have never been able to attract traffic in the first place.
Read the full analysis of Dancho Danchev with the IP blocks of the hosted malware and the juicy details.
The attack is now continuing, starting two weeks ago, the main IPs behind the IFRAMEs are still active, new pieces of malware and rogue software are introduced, hosting for which is still courtesy of the RBN, and we're definitely going to see many other sites with high page ranks targeted by a single massive SEO poisoning in combination with IFRAME injections. Which site is next? Let's hope not yours, as if you don't take care of your web application vulnerabilities, someone else will.
So for the affected (infected) websites: upgrade your security and do input validation!!! End users, make sure your systems are patched and up-to-date. And I don't mean just Microsoft patches but also your browser plugins. Check here.
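The input-validation advice above, shown for a search page that echoes the visitor's query back into its HTML. This is an added example, not code from the original post or from any affected site; the reflected-search-term scenario, the function names and the placeholder host `malware.example` are assumptions.

```python
import html
from html.parser import HTMLParser

# Constructed sample input: a search term carrying an IFRAME that points at a
# placeholder host (not a value taken from the post).
SAMPLE_QUERY = 'euro 2008 tickets"><iframe src="//malware.example/x" width=0 height=0></iframe>'

TEMPLATE = '<h1>Results for "{q}"</h1><input name="q" value="{q}">'


def render_unsafe(query):
    """The 'before' case: the search term is reflected into the page as-is."""
    return TEMPLATE.format(q=query)


def render_safe(query, max_len=100):
    """Validate the term, then encode it on output."""
    # Input validation: bound the length and drop non-printable characters.
    cleaned = "".join(ch for ch in query[:max_len] if ch.isprintable())
    # Output encoding: <, >, &, " and ' become entities, so the browser treats
    # the term as text in both the element body and the attribute value.
    return TEMPLATE.format(q=html.escape(cleaned, quote=True))


class _ActiveElementFinder(HTMLParser):
    """Collects the src of elements that load or run remote content."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("iframe", "frame", "object", "embed", "script"):
            self.sources.append(dict(attrs).get("src"))


def injected_frames(page):
    """Return the src of every active element found in the rendered page."""
    finder = _ActiveElementFinder()
    finder.feed(page)
    finder.close()
    return finder.sources


if __name__ == "__main__":
    print("unsafe:", injected_frames(render_unsafe(SAMPLE_QUERY)))
    print("safe:  ", injected_frames(render_safe(SAMPLE_QUERY)))
```

The same `injected_frames` check can be pointed at saved copies of a site's own pages to spot IFRAMEs that the templates never emit.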