A massive drive-by-download campaign affecting some 90,000 Web pages is now affecting more than six million pages. The attack is leveraging a number of known osCommerce bugs, including a Remote Edit Site Info Vulnerability. The IP addresses of those launching the attacks appear to have originated in the Ukraine and belong to an ISP whose website is www.didan.com.ua. Researchers at Armorize are still analyzing the attack and working out concrete details on where the attack is coming from and who is behind it.
Source: https://threatpost.com/iframe-campaign-affecting-more-6-million-pages-080111/75497/