We have received a number of emails from readers pointing us to news articles indicating that the USTreasury is in the process of cleaning up malicious iFrame that have infected a number of their sites. We have also received one report that this particular iFrame redirect has also been found at other sites and that perhaps this may be another registrar related compromise.
If anyone has any further information on whether or not this is bigger than just the USTreasury, we would love to hear it.
As usual you can send us feedback through the comments to this diary, or via our contact page.

-- Rick Wanner - rwanner at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.