Barely a week after search results of the Web sites of ZDNet Asia and TorrentReactor were found to be iFramed, two more high-traffic sites are seen to have been attacked in a similar manner, if not by the same malicious users as those behind the first.
Independent Security Researcher Dancho Danchev posted in his blog that search engines of Wired.com (a technology trend site related to Wired magazine) and History.com (the History Channel’s site) are injected with malicious codes as well, handing users infected results.
The latter two Web sites are also caching search results like the previous two. Because inputs are not validated in their search engines, executable codes are easily submitted and are automatically executed when a user accesses a cached page with popular search keywords.
Danchev lists these other sites currently affected by this type of attack:
An attack like this relies on the popularity of search terms without malicious users actually embedding iFrames on hosts.
Trend Micro researchers are further looking into the malware involved in this attack.