According to them, the malicious code is embedded in the page as an iframe tag. The iframe loads another page (an invisible one-pixel-by-one-pixel box), which in turn launches a complicated connection scheme. Francois Paget notes on the company blog:

“This first iframe routes the victim to sites hosted through a Hong Kong provider. Two further links then redirect the visitor. From Hong Kong, we move to Russia and Ukraine, where exploits and downloaders are used (Exploit-YIMCAM and downloader-AUD).

“Once again, we can see how people involved in such attacks use dedicated malicious web sites in various countries to make it difficult to defeat them. It is especially difficult when an ISP agrees to host web sites without verifying the lesser data the criminals enter when they register.”

According to McAfee, the recent attack is related to Libyan dictator Muammar Khadafi’s upcoming visit to France, which has been stirring a lot of controversy.

All in all, the researcher points out one thing: “Please do not attempt to reach the site, it is still dangerous.”
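
Site owners checking their own pages for this kind of injection can flag the one-pixel iframe described above with a static scan of the HTML. The sketch below is an added example, not code from McAfee or the original post; the 2-pixel threshold, the function names and the `.example` hostnames in the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

MAX_PX = 2  # assumption: frames of 2x2 px or smaller are treated as invisible

def _px(value):
    # "1" or "1px" -> 1; percentages and anything else -> None
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return int(m.group(1)) if m else None

def _style(style):
    # Inline style attribute -> {property: value}, lowercased
    pairs = (d.split(":", 1) for d in (style or "").split(";") if ":" in d)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

class HiddenIframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, src, reason)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        css = _style(a.get("style"))
        # CSS dimensions override the width/height attributes
        w = _px(css.get("width", a.get("width")))
        h = _px(css.get("height", a.get("height")))
        reasons = []
        if w is not None and h is not None and w <= MAX_PX and h <= MAX_PX:
            reasons.append(f"{w}x{h} px")
        if css.get("display") == "none" or css.get("visibility") == "hidden":
            reasons.append("hidden by CSS")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src", ""), ", ".join(reasons)))

def find_hidden_iframes(html):
    p = HiddenIframeFinder()
    p.feed(html)
    p.close()
    return p.findings

# Constructed sample page; hostnames use the reserved .example TLD
SAMPLE = """<html><body>
<iframe src="http://video.partner.example/embed" width="560" height="315"></iframe>
<iframe src="http://redirect.example/in.php" width="1" height="1" frameborder="0"></iframe>
<iframe src="http://other.example/x" style="width:0px; height:0px; visibility:hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(find_hidden_iframes(SAMPLE))
```

A static scan only sees iframes present in the delivered markup; frames written into the page by script at load time need a rendered-DOM check instead.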