During my monitoring of the feeds from my local CERT group, I found a reference to a vulnerability in Google Images Search that allows remote code execution. The CERT bulletin (Danish) suggests using the NoScript plug-in in your browser as the workaround.
The attackers start by compromising a legitimate website and placing their script there. The script automatically generates web pages based on the most popular Google searches, then finds more keywords by feeding the original keyword to Google's search auto-complete and harvesting the answers. The script also retrieves images for its fake web pages. The logs from compromised servers show that sites which did not have a high Google page rank suddenly rank highly for the malicious autogenerated pages; to me that indicates the script is doing some form of Googlebot web-crawler optimization. The attack happens when the site is preloaded through the thumbnail iframe of a Google image search result and the malicious code is executed.
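As an added example (not from the CERT bulletin or the original post), here is a small Python detector for the log footprint described above: it reads Apache combined-format access log lines and flags directories where a batch of distinct pages is reached almost exclusively via Google Images referers, which is what a pile of freshly dropped autogenerated pages looks like on a compromised server. The sample log, the referer pattern and the thresholds are assumptions of mine.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "method path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$')
# Referers from a Google Images result page (/imgres) or an images.google.* search (assumed pattern)
IMG_REFERER = re.compile(r'https?://(?:images\.google\.|www\.google\.[a-z.]+/imgres)', re.I)

# Constructed sample log: hypothetical site, documentation IP ranges, not real traffic
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2011:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '203.0.113.6 - - [10/May/2011:10:00:02 +0000] "GET /about.html HTTP/1.1" 200 2345 "http://www.example.com/" "Mozilla/5.0"',
    '198.51.100.7 - - [10/May/2011:10:00:03 +0000] "GET /cache/hot-topic-1.html HTTP/1.1" 200 9876 "http://www.google.com/imgres?imgurl=http://www.example.com/cache/a.jpg" "Mozilla/5.0"',
    '198.51.100.8 - - [10/May/2011:10:00:04 +0000] "GET /cache/hot-topic-2.html HTTP/1.1" 200 9877 "http://www.google.com/imgres?imgurl=http://www.example.com/cache/b.jpg" "Mozilla/5.0"',
    '198.51.100.9 - - [10/May/2011:10:00:05 +0000] "GET /cache/hot-topic-3.html HTTP/1.1" 200 9878 "http://images.google.dk/images?q=hot+topic+3" "Mozilla/5.0"',
    '198.51.100.10 - - [10/May/2011:10:00:06 +0000] "GET /cache/hot-topic-4.html HTTP/1.1" 200 9879 "http://www.google.dk/imgres?imgurl=http://www.example.com/cache/d.jpg" "Mozilla/5.0"',
    '198.51.100.11 - - [10/May/2011:10:00:07 +0000] "GET /cache/hot-topic-1.html HTTP/1.1" 200 9876 "http://www.google.com/imgres?imgurl=http://www.example.com/cache/a.jpg" "Mozilla/5.0"',
    '198.51.100.12 - - [10/May/2011:10:00:08 +0000] "GET /cache/hot-topic-2.html HTTP/1.1" 200 9877 "http://www.google.com/imgres?imgurl=http://www.example.com/cache/b.jpg" "Mozilla/5.0"',
    '198.51.100.13 - - [10/May/2011:10:00:09 +0000] "GET /cache/hot-topic-3.html HTTP/1.1" 200 9878 "-" "Mozilla/5.0"',
]

def parse_line(line):
    """Return ip, path, status and referer of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _ts, _method, path, status, referer = m.groups()
    return {"ip": ip, "path": path, "status": int(status), "referer": referer}

def suspicious_directories(lines, min_pages=3, min_ratio=0.8):
    """Directories that serve at least min_pages distinct 200-OK pages and get at least
    min_ratio of all their hits from Google Images referers. Legitimate sections of a site
    normally receive a mix of direct, search and internal traffic; a directory fed almost
    only by image-search thumbnails is the footprint the compromised-server logs show."""
    stats = defaultdict(lambda: {"pages": set(), "hits": 0, "img_hits": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 200:
            continue
        directory = rec["path"].rsplit("/", 1)[0] or "/"
        d = stats[directory]
        d["hits"] += 1
        d["pages"].add(rec["path"])
        if IMG_REFERER.search(rec["referer"]):
            d["img_hits"] += 1
    return sorted(name for name, d in stats.items()
                  if len(d["pages"]) >= min_pages and d["img_hits"] / d["hits"] >= min_ratio)
```

Run it over a real access log by replacing `SAMPLE_LOG` with the file's lines; flagged directories are where to look for the dropped script and its generated pages.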