Hackers Subvert Massive Number of Pages With IFrame Redirects

According to security researchers, hackers in a new attack are continuously corrupting lakhs of Web pages by inserting IFrame redirects that take unsuspecting visitors to malware-loaded sites, as reported by COMPUTER WORLD on March 13, 2008.

As accords to researchers, the attacks started in the first week of March 2008 and heise online reported this on March 10, 2008 and said that criminal groups were using these attacks.

Further according to the heise online, the criminals have been manipulating the search facilities of TorrentReactor and ZDnet Asia to implant IFrames linking to malware-spewing Web pages appearing on the list of search results. In addition to targeting these Websites, the attacks have also targeted users of tech publication site Wired.com and Security Company Trend Micro.

As accords to security experts, the IFrames are inserted to the link pointing to the search result on Google. Hence, on following the link, the user instead of finding the desired page of Torrent Reactor or ZDnet is redirected to the IFrame embedded page. Subsequently, that page offers bogus anti-virus downloads or certain video codecs believed to contain the Zlob Trojan.

Dancho Danchev, a researcher from Bulgaria, stated via a blog note that the group was still spreading the campaign. Danchev said that these were the high-profile Websites that the group targeted over the past two days with the IFrame-injected and locally cached pages appearing via search results, as reported by COMPUTER WORLD on March 13, 2008.

Danchev cited over 20 Websites that together contained over 401,000 IFrame-embedded pages. These include some high-profile sites like those of the US government's Medicare program, the US Administration on Aging and the North Carolina State University library.

Elaborating on the attacks, Ben Greenbaum of Symantec Corp, said that hackers are doing their dirty task by using an automated program and are therefore adding the IFrame component to the sites' search results, as reported by COMPUTERWORLD on March 13, 2008.

At McAfee AvertLabs, security experts refer to similar IFrame attacks on PHPbb (PHP bulletin boards) that were waged in the second week of March 2008 with more than 200,000 PHPbb Web pages compromised, according to statistics.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 3/24/2008