I was just reading about a Dreamhost customer whose hosting account was compromised by search engine spammers. They gained access to his account, altered all of his files to include an iframe that linked to some kind of search engine spam, and uploaded a bunch of other files to his account that were also obviously related to spamming search engines. Such attacks only make sense if they can be performed in an automated fashion on a large number of Web sites. It looks like one of the links they added to his site also goes to a Web site that attempts to infest your computer with some kind of malware (kozirodstwo.com). He only found out about the problem when Google notified him that he was being delisted from the index because his newly modified pages violate their guidelines.
Anyone heard about anything similar going on? It seems new to me.
Update: Looks like the vector of attack was an insecure PHP script, which is all too typical. I guess this isn’t particularly novel after all.