Following last week's, massive SEO poisoning combined with IFRAME injections due to input validation flaws at sites with high pageranks, these are the very latest high profile sites successfully injected with IFRAMES forwarding to the rogue security software and Zlob malware variants like the one in the previous campaigns are :
USAToday.com, ABCNews.com, News.com, Target.com, Packard Bell.com, Walmart.com, Rediff.com, MiamiHerald.com, Bloomingdales.com, PatentStorm.us, WebShots.com, Sears.com, Forbes.com, Ugo.com, Bartleby.com, Linkedwords.com, Circuitcity.com, Allwords.com, Blogdigger.com, Epinions.com, Buyersindex.com, Jcpenney.com, Nakido.com, Uvm.edu, hobbes.nmsu.edu, jurist.law.pitt.edu, boisestate.edu And this is the latest assessment of the situation in terms of the malware served and the domains/IPs involved : http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http://ddanchev.blogspot.com http://windowsecurity.com/Dancho_Danchev _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/