GOP Site Hacked & Infecting Visitors
“This is the first time that Storm has taken to the Web for its victims, said Dan Hubbard, head of research at San Diego-based Websense Inc. "The big news is that Storm has added infecting sites to its arsenal," said Hubbard.
Storm debuted in January but only cracked the top malware lists early this summer, and has become infamous for its ability to adapt its infection strategies.”
Storm has historically been known for hiding out in e-mail attachments, typically in those great spam e-mails we all love and cherish, or via links inside of e-mails. This new variation, however, seems to attach itself directly to iframe code.
The problem with iframes is that they can (and often do) link to outside sites. Once this part of the code has been infected, any computer visiting a 'safe' site is now subject to attack unless they have are specifically patched against such an attack, and such patches typically are released after a breach has been found.