Thursday, August 27, 2009 Mass Injection, with regional stats

The reported mass injection for almost 85K web site is not yet over, and it is increasing every day. The original post was released few days ago by ScanSafe followed by media coverage from The Register.

The injected malicious IFrame is pointing to hxxp://, with no obfuscation of any kind, with further redirection to other malicious sites.

Querying Google for infections in several countries in the region, gives the below very low numbers:
Egypt 3
Saudi Arabia 3

Using Google query again for checking the Arabic site gives 28 infections

WebsSense released more details on several exploits used.

No comments: