Help
Quote
A mass compromise that has hit tens of thousands of English-language webpages is probably part of a much larger wave of attacks that's been under way since June by a sophisticated band of criminals, a security researcher said Wednesday.
I know that I've noticed an upswing in the number of sites I surf to being flagged as unsafe by Google Safe Search or blocked by my antivirus (Avast) as containing either "HTML:Iframe-GZ" or "HTML:Iframe-EJ."
An Iframe, for those not familiar with HTML, is an "inline" frame, an HTML element which can display a webpage or other document within a "parent" page.
These malicious Iframes attempt to download and run a malicious javascript document which can infect a target computer with such nasties as the Gologger keylogger and various trojan horse programs.
According to Google, this exploit has resulted in a more than doubling of their Safe Browsing Malicious Sites list. since January.
The Iframes are inserted into websites which use MySQL databases as a backend by means of an SQL injection attack. Websites based on popular blogging platforms such as Wordpress and Drupal, and even forums such as those using Invision Power Board and PHPBB may be vulnerable.
Back to top
.....scary......
