English Deutsch Español Français Italiano Portuguese Čeština Ελληνικά 中文(简体) 中文 (繁體) Tiếng Việt 日本語 ภาษาไทย Русский Български Nederlands Polski Svenska Norsk Dansk Suomi

McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams

SPAMfighter is

Microsoft Gold Certified Partner

SPAMfighter also

Works with Windows Vista

SPAMfighter Exchange Module is Microsoft certified ".net connected".

Microsoft .NET Connected

Sophos – Mass Injection Attacks Back Installing ‘Troj/Iframe-CB’

According to the Sophos security experts, they have recently detected a large number of legitimate websites infested with malicious script dubbed as Troj/Iframe-CB. These malicious scripts are aggressively attacking unsuspecting users.

Fraser Howard, Security Researcher, Sophos, said that the name of script itself suggested that it was used to write an iframe to redirect innocent user to aremote site, as reported by PC1News on June 19, 2009. He further added that after a thorough examination of the iframe added by the script, the malicious authors made use of CSS properties to hide it.

Moreover, cyber criminals have used a technique in which "the normal tiny width/height and a display:none CSS attribute" is avoided and opacity to 0 is set. Researchers added that the objective behind the adoption of this technique was to avoid inspections and detections using traditional hiding mechanism.

Cyber criminals have used the same method that was employed in Nine Ball mass injection attack, said security experts. This attack also directs victims from an authentic website to a remotely located website. Criminals have employed Troj/Iframe-CB (also called Trojan-Downloader.JS.Iframe.bdl) that is linked to fake websites.

According to Sophos, Troj/Iframe-CB is malicious in nature and injected into the web pages that load remote content from other sites during browsing of the page.

After taking the visitor to a number of remote websites, a data stealing Trojan called Troj/Mespam-B is downloaded on the visitor's computer.

In addition, the first infection comes in the website through infected files that make use of vulnerabilities from the client side. The malevolent PDF files are used to abuse these vulnerabilities and plants a Trojan dubbed as Troj/PDFJs-BG.

Explaining the injection attack, security experts state that cyber criminals seem to enjoying the success of massive injection attacks. Undoubtedly, criminals are becoming increasingly creative and wise in their approach of finding effective attack techniques.

Criminals' prime aim is to deceive as many victims as possible. Although it is almost impossible to stop them from finding new attacks, the application of common sense by users could reduce the amount of infections on the system, said security experts.

Hence, users need to be very cautious while surfing on the Internet and install appropriate antivirus application in their systems to protect themselves.

» SPAMfighter News - 30-06-2009

SPAMfighter box shot

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail and Thunderbird - Read more

Slow PC? Try SLOW-PCfighter

Optimize your Slow PC for better performance. Try FREE scan now.

 

Exchange spam filter

SPAMfighter Exchange Module is a spam/virus filter for Exchange server - Free 30 days trial

 

Spyware remover

Remove Spyware with SPYWAREfighter - Free 30 days trial

<<<>>>