TechSpot

Hackers launch massive IFrame attack

By jobeard
Mar 14, 2008
  1. Computerworld, March 13, 2008 (Computerworld) reports:

    Likely relying on an automated tool to do the dirty work, the hackers add IFrame code to the saved search results on the sites,
    Greenbaum said. The next visitor that uses the search tool is then redirected to another Web site
    by the IFrame code. The second site in turn puts up a message telling the user that a new codec (coder/decoder) needs to be installed.
    Accepting the codec takes the user to still another site, which actually hosts the malware --
    a new variant of the Zlob Trojan horse -- and installs it on the victim's PC.

    Danchev listed more than 20 sites that together account for more than 401,000 IFrame-injected pages.
    The sites include high-profile sites such as the North Carolina State University library,
    the U.S. Administration on Aging and the U.S. government's Medicare program,
    as well as questionable sites such as BitTorrent sites hosting pirated software and other content.

    the full article is here

    DEFENSE

    1- IE users have the tools->options->Security Settings tab to [x] prompt for IFRAMES
    2- instead of using any site hosted Search tool;
    copy the domain portion of the URL without the http:// eg from http://[B]www.google.com[/B]/ COPY just www.google.com
    and use google search, eg in the google keyword search box,
    enter
    site:the domain
    and then add your search terms​
    eg site:www.google.com my search terms

    (2) may not always work for low traffic sites as google may not have crawled the contents.


    www.google.com
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I have noticed a rise in hijacked DNS pointing to Russia lately
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...