On 28 January, Australian spyware researcher Sandi Hardmeir discovered the music download service banner ads on Expedia.com were directing surfers to a site and trying to get them to install a Trojan called TROJ_GIDA.A. All the infected ads have now been removed and the company is investigating the length of time they were online. According to RealNetworks, owner of Rhapsody, the malware on the site was first reported on 20 January and all malicious files were removed within four days. The number of reported cases of web site infected with malware continues to rise at an astonishing rate. Earlier this week, the websites for the Embassy of the Ukraine in Lithuania, the Embassy of the Netherlands in Russia and the Ministry of Foreign Affairs for the country of Georgia were also all found to be serving up an attack code to visitors in an attempt to turn their PCs into a proxy using an iFrame exploit. Ad firm DoubleClick was also the victim of a similar attack late last year. Official sites for Major League Baseball, the National Hockey League and The Economist all featured malicious ads. A report recently published by WebSense claims that of the sites classified as malicious in the second half of 2007, 51 percent were legitimate sites that had been compromised by attack code.
