Security researchers from Armorize have intercepted a currently live mass iFrame injection attack, affecting over 90,000 Web pages.
How did the attack take place? Malicious attackers are either abusing input validation flaws within the vulnerable sites, or have been harvesting botnets for stolen FTP credentials in order to embed the pages with the malicious iFrame.
Go through related posts:
- More High Profile Sites IFRAME Injected
- ZDNet Asia and TorrentReactor IFRAME-ed
- Massive IFRAME SEO Poisoning Attack Continuing
- More CNET Sites Under IFRAME Attack
- Wired.com and History.com Getting RBN-ed
- Embedding Malicious IFRAMEs Through Stolen FTP Accounts
- Embedding Malicious IFRAMEs Through Stolen FTP Accounts - Part Two
- Injecting IFRAMEs by Abusing Input Validation
The iFrame domain willysy(dot)com is currently flagged as malicious.