The researchers point out that an unsuccessful infection attempt results in the injected iFrame being rendered as content - rather than executed - in the title part of the website (click on the screenshot to enlarge it):
According to them, the initial injected iFrame was later substituted with the following code:
Searching for it on Google reveals some 21,000+ additional compromised pages.
If one of the exploits is successful, the browser downloads and executes malware from a final web page, but Firefox and Safari users can rest safe for now - the page has been reported as an attack site and is currently blocked.
Armorize researchers have not specified what malware had been served for download.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.