Another hack to keep an eye on

Add another one to the list: a fairly extensive cross-site scripting hack is currently in action, pushing porn and, ultimately, malware.

The images displayed are extremely graphic in content. When an image is clicked, the user is redirected to a site pushing a fake antispyware program.

Searching Google for the term “href=//imagesoap” pulls up a large number of results. (Warning: the results returned are highly graphic in content, and do lead to malware.)

Sites observed as infected include:


And plenty more.