More JavaScript/IFRAME Injection Attacks Found

ISC is carrying another story which talks about more sites being found hosting similar attacks to those that targeted the Dolphin Stadium site. As an aside, I think it rightly refers to these as web defacements because the old definition of replacing someone's website with obvious content is almost unheard of nowadays. Instead these "silent defacements" more accurately reflect the current state of for-profit malware.

As with the previous stories, you the reader can play along at home by simply typing "script 8.js" (no quotes) into google, to see a sad state of affairs (or 1.js or 3.js). Now think about how many injections out there are probably not using such a trivially revealed naming scheme…