Saturday, May 05, 2007

So, Cinco de Mayo is dangerous

Hi folks,

Of course, you could have called that in from your couch. It turns out that these guys have been hacked. Let me stress that they are not deliberately doing this, but they are now an Innocent Lure. We first noticed them on April 26th; they fixed it almost immediately and noted that they were trying to address the problem.

Today, however, it turned up in SearchShield results. If you search for "what is cinco de mayo" in Google, it shows up on the second page with an MDAC injection. See here.

The webpage looks like


and a source view shows a chunk of obfuscated JavaScript like this.

Now, these guys are obviously trying to be careful. See this message from 26th April, where they acknowledged that people were getting at them and that they were trying to sort it out. So if these guys can get nailed again within a couple of weeks, _anyone_ can get nailed.




