Posted by: Arian Eigen Heald
information security, SQL Injection, Web Security
As if that were not bad enough, the hacked websites have been injected with hidden code in an iframe that calls another iframe to connect to a website named 318x. For the really technical details, check the blog post from Mary Landesman at ScanSafe.
318x (a dotcom) downloads particularly nasty malware to the victim, including banking trojans. As of this evening (12/14/09), a Google scan for the script source now lists 166,000 websites.
If you do the search on Google or Yahoo, all sorts of alerts will go off (which is why I didn’t link it here), but you get infected only if you click on one of the links with the embedded script.
Search your own site for this string of code! If you find it, your website has been compromised, and you’d better find out how. Your customers and users can get infected, and it could get back to your company.
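One way to run that check is sketched below as an added example; it is not code from the original post. The post does not reproduce the injected string, so `INDICATOR_HOSTS` holds a placeholder host, and the allowlist and the sample page are constructed for illustration. Beyond the literal string search, it also flags any script or iframe loaded from a host you have not approved.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Placeholder indicator: substitute the host named in the advisory you act on.
INDICATOR_HOSTS = {"injected.example"}
# Assumption: hosts your own pages legitimately load scripts/frames from.
ALLOWED_HOSTS = {"www.mysite.example", "cdn.mysite.example"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class InjectionFinder(HTMLParser):
    """Collects <script>/<iframe> tags whose src points off-site."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line, tag, host, reason)

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if not host:
            return  # inline script or relative URL, i.e. same origin
        line = self.getpos()[0]
        if any(host == h or host.endswith("." + h) for h in INDICATOR_HOSTS):
            reason = "known-bad host"
        elif host in ALLOWED_HOSTS:
            return
        elif tag == "iframe" and (a.get("width") in ("0", "1")
                                  or a.get("height") in ("0", "1")
                                  or HIDDEN_STYLE.search(a.get("style", ""))):
            reason = "hidden external iframe"
        else:
            reason = "unlisted external host"
        self.findings.append((line, tag, host, reason))

def scan(html):
    """Return findings for one page of rendered HTML."""
    finder = InjectionFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: one injected script, one hidden off-site iframe.
SAMPLE = """<html><body>
<h1>Products</h1>
<script src="/js/app.js"></script>
<script src="https://cdn.mysite.example/lib.js"></script>
<td>Widget<script src="http://injected.example/x.js"></script></td>
<iframe src="http://other.example/a" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Run it over the HTML your server actually returns (saved responses or a crawl of your own site), since markup injected into a database will not show up in template files on disk.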