ReadWriteEnterprise

This morning, Fraser Howard and the security researchers of Sophos Labs are reporting this discovery: The recent wave of Web site defacement attacks, including one against the outreach site for the National Cyber Security Alliance, appear to have a common source: Something is injecting malicious <IFRAME> elements into the front pages of everyday Web servers.

What makes this particular malicious injection different from thousands of others, Howard learned, is that the injected PHP code quite cleverly checks the URL and user-agent string of the requesting client, to determine whether the client is accessing the page through a search engine link, such as Google.