90,000+ web pages compromised through iFrame injection
Researchers from security firm Armorize have uncovered a massive iFrame injection attack that has compromised 90,000+ Web pages belonging mostly to e-commerce sites.
The researchers point out that an unsuccessful infection attempt results in the injected iFrame being rendered as content – rather than executed – in the title part of the website (click on the screenshot to enlarge it):
According to them, the initial injected iFrame was later substituted with the following code:
Searching for it on Google reveals some 21,000+ additional compromised pages.
If one of the exploits is successful, the browser downloads and executes malware from a final web page, but Firefox and Safari users can rest safe for now – the page has been reported as an attack site and is currently blocked.
Armorize researchers have not specified what malware had been served for download.