On the heels of recent iframe attacks, we're currently tracking another mass compromise. This attack involves injection of script into valid web page to include a reference to a malicious .JS file (sometimes in the BODY, other times in the TITLE section). The .JS file uses script to write an IFRAME, which loads an HTML file that attempts to exploit several vulnerabilities, including:

* MS06-014 * RealPlayer (ActiveX Control) * Baofeng Storm (ActiveX Control) * Xunlei Thunder DapPlayer (ActiveX Control) * Ourgame GLWorld GlobalLink Chat (ActiveX Control)

Avert Labs says its initial look shows more than 10,000 web pages have been compromised so far, and that "analysis is ongoing."

Also Wednesday, CA reported a new threat that it is classifying as a "high" threat: Dialer.Saristar, as well as a couple of other threats, including one which it is saying is "critical."

Pardon this blog item being cut short, but there are a firewall and some AV applications around here that may need double-checking.

Update, 7:36 p.m. ET - McAfee Avert Labs has updated its information, and provided a video showing what happens on the end-user's side after one of these attacks has left its malware.