90,000+ web pages compromised through iFrame injection
Posted on 26 July 2011.
Researchers from security firm Armorize have uncovered a massive iFrame injection attack that has compromised 90,000+ Web pages belonging mostly to e-commerce sites.

The injected iFrame points to the willysy.com domain and through a series of redirections and JavaScript loadings of additional iFrames takes the user to a page one the arhyv.ru domain where a number of exploits try to take advantage of a handful of vulnerabilities in the user's browser.

The researchers point out that an unsuccessful infection attempt results in the injected iFrame being rendered as content - rather than executed - in the title part of the website (click on the screenshot to enlarge it):



According to them, the initial injected iFrame was later substituted with the following code:


Searching for it on Google reveals some 21,000+ additional compromised pages.

If one of the exploits is successful, the browser downloads and executes malware from a final web page, but Firefox and Safari users can rest safe for now - the page has been reported as an attack site and is currently blocked.

Armorize researchers have not specified what malware had been served for download.






Spotlight

Windows 0-day exploited in ongoing attacks, temporary workarounds offered

Posted on 22 October 2014.  |  A new Windows zero-day vulnerability is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //