There’s plenty of talk these days about SQL injection (Dancho Danchev’s blog is an excellent reference on this trend). Add another one to the list: a fairly extensive cross-site scripting hack currently in action, pushing porn and, ultimately, malware.
The images displayed are extremely graphic in content. When an image is clicked, the user is redirected to a site pushing a fake antispyware program.
Searching Google for the term “href=//imagesoap” pulls up a large number of results. (Warning: the results returned are highly graphic in content, and do lead to malware.)
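For anyone checking their own pages for this, here is a small added detection script (my example, not something from the post or from Sunbelt). It walks a page's HTML and reports every anchor `href` or image `src` that begins with the indicator fragment quoted above, `//imagesoap`. The full hostname is not given in the post, so the sample page below uses a constructed `imagesoap.example/PLACEHOLDER` stand-in; only the `//imagesoap` prefix match is taken from the post.

```python
from html.parser import HTMLParser

# Indicator from the post: injected links begin with a protocol-relative
# URL to an "imagesoap" host. The rest of the hostname is not in the post.
INDICATOR_PREFIX = "//imagesoap"


class InjectedLinkFinder(HTMLParser):
    """Collects <a href=...> and <img src=...> values pointing at the indicator host."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value is None:
                continue
            is_link = tag == "a" and name == "href"
            is_image = tag == "img" and name == "src"
            if (is_link or is_image) and value.strip().lower().startswith(INDICATOR_PREFIX):
                self.hits.append((tag, value.strip()))


def find_injected_links(html):
    """Return a list of (tag, url) pairs whose URL starts with the indicator prefix.

    Unquoted attribute values such as href=//imagesoap... (the form the Google
    search term matches) are handled by HTMLParser just like quoted ones.
    """
    parser = InjectedLinkFinder()
    parser.feed(html)
    parser.close()
    return parser.hits


# Constructed sample page; the hostname after the prefix is a placeholder,
# not a captured infected page.
SAMPLE_PAGE = """<html><body>
<a href="/about">About</a>
<a href=//imagesoap.example/PLACEHOLDER><img src=//imagesoap.example/PLACEHOLDER/pic.jpg></a>
<a href="https://www.example.com/">Clean external link</a>
</body></html>"""

CLEAN_PAGE = '<html><body><a href="/about">About</a></body></html>'


if __name__ == "__main__":
    for tag, url in find_injected_links(SAMPLE_PAGE):
        print("suspicious", tag, url)
```

Run it against saved copies of your own pages (or a crawler's output); any hit means injected markup is present and the template or database content should be inspected.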
Sites observed as infected include:
faa.org
movieweb.com
finlayongovernance.com
exmoorcastingsupplies.co.uk
interbrand.com
montecarlofans.com
ceiling-fans.biz
paxworld.com
travelandleisure.com
flexexamples.com
venganza.org
killerfrog.com
And plenty more.
Alex Eckelberry
(Thanks Francesco and Adam)