Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Massive Surge In Website Iframe injections


  • Please log in to reply
4 replies to this topic

#1 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:04:37 AM

Posted 03 September 2009 - 01:22 AM

A mass compromise that has hit tens of thousands of English-language webpages is probably part of a much larger wave of attacks that's been under way since June by a sophisticated band of criminals, a security researcher said Wednesday.

Source: The Register

I know that I've noticed an upswing in the number of sites I surf to being flagged as unsafe by Google Safe Search or blocked by my antivirus (Avast) as containing either "HTML:Iframe-GZ" or "HTML:Iframe-EJ."

An Iframe, for those not familiar with HTML, is an "inline" frame, an HTML element which can display a webpage or other document within a "parent" page.

These malicious Iframes attempt to download and run a malicious javascript document which can infect a target computer with such nasties as the Gologger keylogger and various trojan horse programs.

According to Google, this exploit has resulted in a more than doubling of their Safe Browsing Malicious Sites list. since January.

The Iframes are inserted into websites which use MySQL databases as a backend by means of an SQL injection attack. Websites based on popular blogging platforms such as Wordpress and Drupal, and even forums such as those using Invision Power Board and PHPBB may be vulnerable.

BC AdBot (Login to Remove)

 


#2 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:06:37 AM

Posted 03 September 2009 - 06:57 AM

:thumbsup: .....scary......

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#3 QQQQ

QQQQ

  • Members
  • 379 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:37 AM

Posted 03 September 2009 - 09:54 AM

Just last week a customer of mine had this on their website, Google is still saying site may harm your computer. I wonder if it will reset itself somehow as it has been removed from the site.

#4 Andrew

Andrew

    Bleepin' Night Watchman

  • Topic Starter

  • Moderator
  • 8,259 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:04:37 AM

Posted 03 September 2009 - 12:19 PM

There should be a button on the warning page that says something like "This ain't no baddie, buddy! Look at 'er agin!"

#5 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,569 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:07:37 AM

Posted 07 September 2009 - 09:33 PM

IFRAMES can and should be be blocked. All of them.
In IE in the miscellaneous settings.
In Opera they're calld Inline Frames.
Block and don't worry.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users