Massive iFrame attacks on top Web sites still threaten online searches. The threat is not just continuing but, according to independent Internet security researcher Dancho Danchev, is getting bigger as well.

Trend Micro has recently reported two high-traffic sites that were iFramed earlier this month. The said attack relied on popular search terms that were not validated in search engines. Interestingly, this previous attack came less than a week after search results of popular Web sites ZDNet Asia and TorrentReactor were also found to have been iFramed.

Danchev says that the current poisoning also leads users to several redirection posts. He again lists what he believes are poisoned sites. These include the following:

• USAToday.com
• ABCNews.com
• News.com
• Target.com
• Packard Bell.com
• Walmart.com
• Rediff.com
• MiamiHerald.com
• Bloomingdales.com
• PatentStorm.us
• WebShots.com
• Sears.com
• Forbes.com

Trend Micro Threat Response engineers analyzed the said pages and found no traces of an ongoing compromise. The sites may have been already fixed by the time of our engineers’ verification. However, the threat in general continues to persist, as it would be very possible to encounter iFrame injections in some future time. Security researchers have yet to close in on a foolproof way to lock down a site from being compromised.

The Mac world is shaken. IDG News Service’s Robert McMillan reports that Charlie Miller and two other security researchers from Independent Security Evaluators have hacked the wickedly slim Apple MacBook Air in a fleeting two minutes and walked away with $10,000 cash prize, the gorgeous laptop, and tons of bragging rights in CanSecWest PWN to OWN 2008 contest held in Vancouver. Miller’s earlier claim to fame was in being one of the researchers who first hacked the iPhone last year. That must make him Apple’s most favorite person in the whole world!

This contest, other than giving hackers an opportunity to win big money, aims to present new vulnerabilities in certain systems so that the affected vendors can address them. Open for attack were a Sony VAIO VGN-TZ37CN running Ubuntu 7.10, a Fujitsu U810 running Vista Ultimate SP1, and as mentioned, a MacBook Air running OSX 10.5.2. As of this writing, the VAIO and Fujitsu are still standing strong.

Miller’s team was able to expose MacBook Air’s vulnerability by “tricking” the judges into visiting a Web site where they have already set up an attack code. According to the sponsor’s Web site TippingPoint DVLabs blog, a newly discovered vulnerability in Safari, the browser that comes pre-installed in Air, was used to gain control of the system. Understandably, the more detailed method cannot be made public as previously agreed in a contract signed by the contestants.