IFRAME Virus injecting malicious code

It's probably safer and less expensive if you simply walk or Drive to the store!

A massive Web attack, first reported by security researcher Dancho Danchev earlier this month,(everyone SHOULD have listened better to him!) has expanded to hit more than ONE million Web pages, including many sites YOU probably shop online at - like Wal-Mart. Maybe you better just go there instead!

"The number and importance of the sites has increased," wrote Danchev in a Friday blog posting where he reported that trusted Web sites such as USAToday.com, Target.com, and Walmart.com have been hit with the attack."

The hackers behind this have not actually "hacked" into servers, but are using the Webs OWN programming errors to inject this code into search results pages created by the Web sites OWN internal search engines!

Wow - it's a NEW crime - a hacker that hasn't hacked! What do we call that? Do we have a law for that yet? Shall we call them *Whackers*?? :}

Here's an example of how a *Whack/Hack* attack works:

The Whacker (hacker?) searches for popular keywords, like "furniture" on the Wal-Mart Web site using its internal search engine. But instead of running a normal search, the (hacker?) adds on an HTML command to the end of his search string. HTML = hyper text markup Language...the stuff we write websites with mainly.

This command then opens up an invisible "iframe" window in the victims browser which then redirects to a malicious Web site, which then (if successful) installs fake antispyware or a version of the "Zlob Trojan Horse" - a malware on the victims (meaning YOU) PC.

And hear this! These (hackers?) actually have great Google rankings!!

In order to boost their Google rankings, Web sites often save a copy of these search results and submit them to Google. When a victim searches Google for the keyword, these cached search results then pop up, with the malicious code now inside them.

"Malicious parties are actively poisoning these sites' search query caching feature to position the keywords among the top ten search results, thereby infecting anyone coming across them," said Danchev, in an instant-message interview. (Gotta love that - an IM interview!)

Danchev believes that more than 1 million Web pages have been infected using this technique.

"The more keywords they submit with [malicious] script, the more pages with popular keywords the high page ranked sites would cache," he said. This really increases the chance that someone will see the search results hosted on the reputable site and click on the (whacker/hacker) malicious page(s).

The Websites that have been mangled with this attack could fix the problem by doing a better job of checking the search queries on their internal search engines to make sure that there is no malicious code in them.

Hackers? (Whackers to me) are, of COURSE, always looking for ways to install their code on trusted Web sites. (Not very HARD to do!)

In a few weeks, security workers have found hundreds of thousands of Web pages affected by this and other similar attacks.

Were YOU oblivious to this when you ordered your lawn furniture yesterday?