For a long time, we spoke regularly about IFRAME injection. This year, many pages belonging to legitimate sites were secretly modified. Many will remember the Italian Job and the thousands of infected sites in the realm of tourism, the car industry, movies and music.

The people behind these attacks love to use highly topical issues in order to attract as many people as possible. This week in my country, the visit by Libyan President Muammar Khadafi is stirring controversy. It has made many headlines in France. No doubt this is why the French Embassy Web Site is now infected by malicious code. Please do not attempt to reach the site, it is still dangerous.

This first iframe, routes the victim to sites hosted through Hong Kong provider. Two further links then redirect the visitor.

From Hong Kong, we move to Russia and Ukraine where exploit and downloaders are used (Exploit-YIMCAM and downloader-AUD).

Once again, we can see how people involved in such attacks use dedicated malicious web sites in various countries to make it difficult to defeat them. It is especially difficult when an ISP accepts to host web sites without verifying the lesser data the criminals enters when they register. The following example I found when I looked at this attack fully demonstrates this: