The researchers point out that an unsuccessful infection attempt results in the injected iFrame being rendered as content - rather than executed - in the title part of the website (click on the screenshot to enlarge it):
According to them, the initial injected iFrame was later substituted with the following code:
Searching for it on Google reveals some 21,000+ additional compromised pages.
If one of the exploits is successful, the browser downloads and executes malware from a final web page, but Firefox and Safari users can rest safe for now - the page has been reported as an attack site and is currently blocked.
Armorize researchers have not specified what malware had been served for download.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.