Malware purveyors are exploiting web vulnerabilities in,, and a dozen other sites to foist rogue anti-virus on
unsuspecting netizens.

The ongoing attacks are notable because they use exploits based on XSS, or
cross-site scripting, to hide malware links inside the URLs of trusted sites.
That’s something application security expert Mike Geide doesn’t see often. As a
result, people who expect to visit sites they know and trust are connected to a
page that tries to trick them into thinking their computer is infected.

"What’s interesting … is the fact that it’s embedding iframes to redirect
people," Geide, who is a senior security researcher at Zscaler, told The
Register. "Typically, cross-site scripting is just that — it embeds script tags
so it will embed javascript to run."


Оставить мнение

Check Also

Давай напишем ядро! Создаем простейшее рабочее ядро операционной системы

Разработка ядра по праву считается задачей не из легких, но написать простейшее ядро может…