Yesterday, Patrick (aka Noxwizard, phpBB support team member) pointed me at the new malware attack that surfaced this week (first mentioned on May 16th). The attack creates/modifies .htaccess files to redirect site visitors that come from major search engines and popular websites (e.g. Twitter, Facebook, Wikipedia, Flickr, Ebay, etc) to scareware sites that aggressively push fake anti-virus software.
The redirects also occur if visitors request unexisting pages or pages that produce server errors.

This .htaccess conditional redirect approach is nothing new. It has been actively exploited by hackers for at least couple of years (and Unmask Parasites does a good job of detecting such redirects). And while the .htaccess code in this particular case has some new features (maybe more about it next time), it isn

The link for this article located at nmask Parasites. Blog. is no longer available.