Welcome to WebmasterWorld Guest from 220.127.116.11
"So far we've found 27 different domains, each with up to 1,499 [malicious] pages. That's 40,000 possible pages."
Hmmm... that's not exactly massive in my book. The article says "many of the malicious URLs are just a jumble of characters, with China's .cn top-level domain at their ends." Sounds like PCWorld is just now catching up with our discussion from September [webmasterworld.com]. If so, they're really late to the party and that's why they only found 27 domains. Google's has already been onto this scheme for many weeks.
The BBC reports that Google has taken down tonnes of domains carrying malicious code. Most of the domains seem to be the previously discussed chinese domain extension and showing up at the top of the SERPs for innocent searches.
What seems interesting but the article doesn't explain fully is that it appears the malicious code only appears from Google referals. MSN and Yahoo referals don't seem to trigger it.
[edited by: tedster at 2:02 am (utc) on Nov. 30, 2007]
They appear to be pushing Spy-shredder, a malicious app pretending to be a Spyware buster on pages usually on a large amount of fresh .cn domains, with numbered html pages.
There is a very good explination of the attacks here:
< note: the Register article
also links to the Sunbelt Blog >
[edited by: tedster at 5:28 pm (utc) on Dec. 1, 2007]