Author Topic: Ongoing malware embedded attack: Trojan Downloader Gen....  (Read 1879 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Ongoing malware embedded attack: Trojan Downloader Gen....
« on: March 06, 2008, 10:09:12 PM »
Hi malware fighters,

There is a currently ongoing malware embedded attack at ZDNet Asia and TorrentReactor, whereas the IFRAME-ing tactic remains the same. The site's search engine seems to have been exploited, re-directing to TROJAN.DOWNLOADER.GEN sites. The first one to detect this was Dancho Danchev: http://ddanchev.blogspot.com/2008/03/zdnet-asia-and-torrentreactor-iframe-ed.html

The clever new way to hose Google results is described here:
http://www.theregister.co.uk/2008/03/06/googe_iframe_piggybacking/
The search results also have the dirty search results with IFRAME-s among them. The IFRAME tags redirect ignorant users to sites connected to the notorious Russian Business Network, according to F-Secure. These sites try to install malware with names like 'XP Antivirus 2008' and 'Spy Shredder Scanner'.

Scan before you click (DrWeb's hyperlink av-scanner plug-in) or have NoScript installed inside Flock 1.1 or Firefox 2.0.0.12.

polonus
« Last Edit: March 06, 2008, 11:12:56 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
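
For site operators who want to check their own search-results pages for the kind of IFRAME the post describes, here is a small audit sketch. It is an added example, not part of the original post. It assumes the injected frame shows up as markup in the page HTML and points off-site; the host names, the allow-list and the sample page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class IframeAudit(HTMLParser):
    """Collect every IFRAME whose src resolves to a host outside the allow-list."""

    def __init__(self, page_url, allowed_hosts):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lower-cases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        # Resolve relative and protocol-relative URLs against the page URL
        src = urljoin(self.page_url, a.get("src", "").strip())
        host = (urlsplit(src).hostname or "").lower()
        if host in self.allowed:
            return
        # Heuristic (an assumption of this example): zero-size or hidden frames
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.findings.append({"host": host, "src": src, "hidden": hidden,
                              "line": self.getpos()[0]})


def audit_page(html, page_url, allowed_hosts):
    """Return one finding per off-site IFRAME found in the page."""
    parser = IframeAudit(page_url, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample of a cached search-results page, not taken from any real site.
SAMPLE = """<html><body>
<h1>Results for: widgets</h1>
<iframe src="/ads/banner.html" width="468" height="60"></iframe>
<p>Results for: <IFRAME SRC="//frames.example.net/a" width=0 height=0></IFRAME></p>
<iframe src="http://Other.Example.org/x" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit_page(SAMPLE, "http://search.example.com/?q=widgets", ["search.example.com"]):
        print(f)
```

A finding on a search-results page means some frame there is not on the allow-list; whether it was injected still needs a manual look at where in the page it was rendered.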