Sophos – Mass Injection Attacks Back Installing ‘Troj/Iframe-CB’

According to the Sophos security experts, they have recently detected a large number of legitimate websites infested with malicious script dubbed as Troj/Iframe-CB. These malicious scripts are aggressively attacking unsuspecting users.

Fraser Howard, Security Researcher, Sophos, said that the name of script itself suggested that it was used to write an iframe to redirect innocent user to aremote site, as reported by PC1News on June 19, 2009. He further added that after a thorough examination of the iframe added by the script, the malicious authors made use of CSS properties to hide it.

Moreover, cyber criminals have used a technique in which "the normal tiny width/height and a display:none CSS attribute" is avoided and opacity to 0 is set. Researchers added that the objective behind the adoption of this technique was to avoid inspections and detections using traditional hiding mechanism.

Cyber criminals have used the same method that was employed in Nine Ball mass injection attack, said security experts. This attack also directs victims from an authentic website to a remotely located website. Criminals have employed Troj/Iframe-CB (also called Trojan-Downloader.JS.Iframe.bdl) that is linked to fake websites.

According to Sophos, Troj/Iframe-CB is malicious in nature and injected into the web pages that load remote content from other sites during browsing of the page.

After taking the visitor to a number of remote websites, a data stealing Trojan called Troj/Mespam-B is downloaded on the visitor's computer.

In addition, the first infection comes in the website through infected files that make use of vulnerabilities from the client side. The malevolent PDF files are used to abuse these vulnerabilities and plants a Trojan dubbed as Troj/PDFJs-BG.

Explaining the injection attack, security experts state that cyber criminals seem to enjoying the success of massive injection attacks. Undoubtedly, criminals are becoming increasingly creative and wise in their approach of finding effective attack techniques.

Criminals' prime aim is to deceive as many victims as possible. Although it is almost impossible to stop them from finding new attacks, the application of common sense by users could reduce the amount of infections on the system, said security experts.

Hence, users need to be very cautious while surfing on the Internet and install appropriate antivirus application in their systems to protect themselves.

Related article: Spike in Attacks Causes Early Release of Windows Patch

» SPAMfighter News - 6/30/2009