A side effect of this “black-hat SEO modification” is when people search for domain names of affected sites, they see something like this in search results:
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Oct 6, 2009
Yet another Beladen/Goscanpark story from a server admin
Story from my blog reader: 60 support tickets and 1,000 screenshots before his hosting provider took action. (His site was hosted on a Goscanpark-infected server)
Oct 8, 2009
Researchers Hijack a Drive-By Botnet – insights from the inside
Oct 9, 2009
I see loads of spammy accounts on CommunityServer-powered sites. Sample Google search: http://www.google.com/search?q=inurl%3Amembers+inurl%3Aaspx+tramadol – they look like hacked
The Cash Factory – All aspects of the iframe-injection attack: spam, trojans, passwords, etc.
Oct 10, 2009
The Malware Warning Review Process – from Google Anti-Malware team
If you want more real-time experience, you can follow @unmaskparasites on Twitter.
I’ve discovered a new emerging malware attack today. Actually two attacks, but in this post I’ll review only one of them – server-wide goscanpark .com/goscansoon .com meta redirects.
I discovered this attack when checked Unmask Parasites logs. I noticed that many unrelated websites contained the same suspicious script so I decided to investigate this issue. The investigation is not complete yet but I think the information I’ve already collected will be useful for owners of compromised web sites. And I hope the missing parts will be added by you, the readers. Update ( July 27, 2009) : the comments are really very informative. make sure to read them.