Search Engine IFRAME Injection Attacks

US-CERT has seen reports of attacks using specially crafted URLs that inject IFRAMEs as terms into search engines on legitimate websites.  The affected URLs include popular search terms, and may be returned as high ranking results in internet search engines. If the site hosting the search engine is vulnerable to cross-site scripting, users who follow the affected URLs may be unknowingly redirected to malicious websites. These sites may then attempt to exploit web browser vulnerabilities, entice users to download and install malicious code, or display unsolicited advertisements.

US-CERT encourages users to do the following to help mitigate the risk of this and similar attacks:

• Regularly apply software updates and patches provided by vendors.
• Disable JavaScript and ActiveX as described in the Securing Your Web Browser document.