ZDNet is reporting that ScanSafe has found around 55,000 websites that are compromised with malware today. As of right now, a Google search for “script src=http://a0v.org/x.js” (the I-Frame tag used in the infection—If this link is clickable DO NOT CLICK IT) returns 107,000 hits. Some of those hits are not malicious; they are pages reporting on the compromise.
What does this mean? It means that if you’re a webmaster you need to search for this tag. If your site is listed, you need to scrub your site and reinforce your security measures. If you’re a web surfer, you need to be careful about where you go.
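One way a webmaster could run that search against their own files, as an added example that is not part of the original post: it parses each page and reports only live script or iframe tags that load from a0v.org, so a page that merely mentions the string in its text is not flagged. It goes slightly beyond the exact search string by also matching quoted, upper-case and subdomain forms; the file extensions and all function names are assumptions.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlsplit

INDICATOR_HOST = "a0v.org"  # host from the search string quoted in the post
PAGE_EXTENSIONS = (".html", ".htm", ".php", ".asp", ".aspx")  # assumption


class SourceCollector(HTMLParser):
    """Collects the src attribute of every <script> and <iframe> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # The parser lower-cases tag and attribute names and strips quotes.
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append((tag, src.strip()))


def find_injected_tags(markup, indicator_host=INDICATOR_HOST):
    """Return (tag, src) pairs whose src host is the indicator or a subdomain."""
    collector = SourceCollector()
    collector.feed(markup)
    collector.close()
    hits = []
    for tag, src in collector.sources:
        try:
            host = (urlsplit(src).hostname or "").lower()
        except ValueError:  # malformed URL, nothing to compare
            continue
        if host == indicator_host or host.endswith("." + indicator_host):
            hits.append((tag, src))
    return hits


def scan_tree(root):
    """Walk a document root and map each affected file path to its hits."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(PAGE_EXTENSIONS):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_injected_tags(fh.read())
                if hits:
                    report[path] = hits
    return report
```

Call `scan_tree()` with the path to a copy of the site's document root; any file it returns should be restored from a known-good copy.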
55,000 or even 107,000 doesn’t sound like a lot of sites in the big picture. But, if you’re looking for sporting heroes, charities, cruises, information about studying in China, or assisted living facilities (just to name a few types of sites that are compromised) you need to worry.
It appears that at least some of the sites are compromised on their “Contact Us” pages. So, without actually visiting the sites, I can only guess that the I-Frame is hiding over top of the Submit button on the contact form. This is a form of “Click-jacking”.
If you have to use Internet Explorer, then I suggest turning on Protected Mode and paying close attention to what’s going on. If you’re looking at a site and it wants to download something, click “No”. If the site doesn’t work properly, you can always refresh and click “Yes”. I don’t recommend clicking the “Allow on all Websites” option, as this effectively defeats the purpose of Protected Mode.
And you need to make sure your antivirus and antispyware programs are updated and doing their jobs too. While this malware may be new enough that it’s not detected immediately, the antimalware community will catch up to it.
Tread carefully for a while. More so than you should be already.
Have a great day :)