Subscribe to Malware Help RSS Feed RSS Feed - Subscribe to Malware Help. Org on Twitter Follow on Twitter - Malware Help YouTube Channel YouTube Channel - Subscribe to Malware Help by Email Subscribe by Email

Hacking: Ongoing IFrame attack proving difficult to kill

by Shanmuga| Tweet This | Google +1 | Facebook | Stumble It | Reddit | Digg | del.icio.us

"One of the factors that make an ongoing malware attack so difficult to stop is the speed with which the assault can evolve. Over the past 12 days, an IFrame injection attack that originally focused on ZDNet Asia has been spreading across the ‘Net, changing targets and payloads on an almost daily basis. An iFrame (short for inline frame) is an element of HTML that’s used to embed HTML from another source into a webpage. The timeline of the attack is provided below, thanks in no small part to security consultant Dancho Danchev, who has kept a play-by-play account of the IFrame attack on his blog.

This particular IFrame exploit takes advantage of web site query caching. Web sites often cache the results of search queries that are run locally. These search results are forwarded to search engine providers (think Google or Yahoo), who use the information to generate their own search results. Hackers exploit the system by typing a query immediately followed by the text of an IFrame. This data (including the IFrame) is then passed to various search engines and displayed if a user searches for a relevant keyword. When the user visits an apparently legitimate document, the IFrame activates and attempts to complete whatever instructions it has been given." – Content courtesy of Ongoing IFrame attack proving difficult to kill

You may also like to read



{ 1 comment… read it below or add one }

Aa'ed Alqarta March 22, 2008 at 3:21 AM

these are very aggressive attacks, and system admins should be ready to prevent their clients from getting exploited and redirected to those malicious domains.

check here

IFRAME Attacks – Actions to be taken

Reply

Leave a Comment

Previous post:

Next post: