A massive, unsettling malware campaign is spreading across the Web, and so far more than 90,000 online commerce websites have been compromised.
The attack, according to the researchers at the security firm Armorize who detected it, is corrupting Web pages through malicious iFrames that point to a website called willysy.com.
An iFrame is a line of code inserted into a Web page that loads data from another site; usually iFrames are benign, but in the hands of devious online criminals, they can become covert ways to ensnare victims.
If a user lands on a Web page with an infected iFrame lurking beneath, the iFrame can automatically download dangerous malware onto the user's system.
This iFrame attack — they're also called mass injection attacks — is exploiting vulnerabilities in Java, Adobe PDF, Microsoft Internet Explorer and other common programs, and is targeting online commerce sites.
To limit your chances of becoming a victim of this mass injection attack, it's necessary to use a strong anti-virus program and keep it up to date. An added precaution, and one that would mitigate the danger if infected by malware, would be to dedicate an administrative account solely for installing software, and otherwise using a standard personal account that cannot install software.