For every infected adult domain identified, there are 99 others with perfectly legitimate content that are also infected, according to a report by Avast.
In the UK for example, there are more infected domains containing the word “London” than any other domain containing the word “sex”. The latest discovery of an infected site is the Vodafone UK website. This infection in the smart phones section shows how advanced the bad guys are at finding ways to deliver the malware to the internet users.
The infection of Vodafone, which was confirmed as still present on the morning of Monday 28th of June, 2010, is an HTML:Script-inf and it is an evolution of JS:illRedir and JS:ilIiframe exploits.
This type of infection is widespread and accounts for 20% of all infected UK pages. The infection takes advantage of a two week old Microsoft Windows vulnerability.
As Avast CTO Ondrej Vlcek explains “The problem is particularly bad because the CVE-2010-1885 vulnerability targets the most widely used version of Windows, and at the present time it is still un-patched. This means that even if a user is running a fully updated Windows XP SP3 with all the security patches, the user is still vulnerable.”