Beware the i-Frames of March!

The very latest high profile sites successfully injected with IFRAMES forwarding to the rogue security software and Zlob malware variants :

USAToday.com, ABCNews.com, News.com, Target.com, Packard Bell.com, Walmart.com, Rediff.com, MiamiHerald.com, Bloomingdales.com, PatentStorm.us, WebShots.com, Sears.com, Forbes.com, Ugo.com, Bartleby.com, Linkedwords.com, Circuitcity.com, Allwords.com, Blogdigger.com, Epinions.com, Buyersindex.com, Jcpenney.com, Nakido.com, Uvm.edu, hobbes.nmsu.edu, jurist.law.pitt.edu, boisestate.edu.

http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html

Via:

http://sunbeltblog.blogspot.com/2008/03/massive-iframe-continues-to-hit-top.html

Hmm i wonder how affective blocking the main IP addresses that are injected as IFRAME redirection points through a firewall/peerguardian etc ???

–lee

Don’t worry too much: these guys are picking low hanging fruit with old exploits. Even the social-engineering of the fake codecs they push is ‘old hat’ now.