RE: http://isc.sans.org/diary.html?storyid=3015

- http://blog.trendmicro.com/pornograp...bad-for-you21/
June 22, 2007 ~ "Be careful in searching for porn sites, you may get other forms of “malicious” content that is definitely undesireable. Just a few days after the infamous Italian Job malware, Trend Micro found another one with a similar modus operandi, but instead of hacked Italian web sites, the infection chain starts on certain pornographic sites... The detections for web pages containing the obfuscated IFRAME code, as well as the script file that downloads TROJ_AGENT.QMN are still being created as of writing. This particular attack uses the tookit MPack v0.86, the same one used in the Italian Job attack, and, despite only having 197 domains with IFRAMEs (as compared to the Italian Job’s 10,000++ domains), are able to infect twice as much as the Italian Job. It is most likely this attack was made online sometime last week, around June 17..."