DIY mass iFrame injecting Apache module sold online
Posted on 26.11.2012
The wish to automate repetitive and boring tasks is not restricted to those who engage in legal enterprises, so it's no wonder that we have lately witnessed a rise in DIY kits marketed to cyber crooks and scammers.

One of these is a Apache 2.x module for automated mass iFrame injection for which Webroot's Dancho Danchev has recently spotted an underground market advertisement.

"The Apache 2.x based stealth module is capable of inserting and rotating iFrames on all pages at a particular website hosted on the compromised server. The process will only work with a cookie+unique IP in an attempt by the cybercriminal behind the kit to make the process of analyzing the module harder to perform. The module would also not reveal the iFrame URL to search engines, Google Chrome and Linux users, as well as local IP," he shares, adding that this makes it virtually impossible for a webmaster to remove the infection from their Web site.

The module is for sale for $1,000, and in order to incite buyers, the seller offers statistics that apparently prove that the ROI is good.

"Thousands of users continue installing and purchasing fake antivirus software products, driving a steady flow of income to the accounts of the cybercriminal(s) operating these campaigns," he points out. "Moreover, the statistics also indicate that thousands of users, visiting their favorite and trusted websites, are getting exploited through client-side exploits like the ones served by the market leading Black Hole Exploit Kit, thanks to the malicious Apache 2 module."

The seller also reveals in the ad that the module has already been successfully use in a number of security incidents across the globe.


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Aug 29th