MyBestRatedWebhosting.com

Top Five iFrame Malware Infected Web Sites

One of the most insidious forms of hacking, and one that has been taking web sites by storm lately, is the iFrame malware attack. Over 98,000 infections have been recorded, and the attack shows no signs of stopping any time soon. In the last two years there has been a 600% increase in attacks, and over one million web pages are infected on a monthly basis.

What exactly is iFrame malware?

An iFrame on its own simply loads one web page inside another, and by itself it is not malicious. The malware comes in when an attacker includes a page that is virtually invisible to the reader and obfuscates the accompanying JavaScript so that it is barely recognizable as a threat. This kind of malicious code has been most prevalent in banner advertising and, more recently, in search results.

Which web sites have been most recently attacked?

According to Dasient, a web anti-malware site, a few of the top hit web sites in the past week have been odile-marco.com, keymydomains.com, mformusic.org, kellerkamer.de and gemyakurda.net. The first three domains are struggling with iFrame injections, while the latter two are dealing with direct malicious JavaScript coding. Dasient is highly recommended to web site owners. The service can regularly check web sites against blacklists and malware scans.

What is the difference between iFrame and JavaScript attacks?

The difference between iFrame and JavaScript malware attacks is simply in where the script is placed. In an iFrame injection, a remote page hosted outside the web site being visited pulls in content that fingerprints the user’s browser, exploits browser or operating system vulnerabilities, and subsequently causes a “drive-by download.” Malicious JavaScript either pulls in code or executes it directly within the visited web page, resulting in drive-by downloads, undesirable pop-ups, logged keystrokes and much more.
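A site owner reviewing pages can check for both forms described above: frames that are hidden and point off-site, and inline scripts built from obfuscation primitives. The scanner below is an added example, not code from the original article or from Dasient; the host names, the sample page and the heuristic patterns are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristics (assumptions; tune per site): frame-hiding styles and common obfuscation primitives.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
OBFUSCATION = re.compile(r"\b(eval|unescape|String\.fromCharCode|document\.write)\s*\(")

class InjectionScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.findings, self._in_script = site_host.lower(), [], False

    def _external(self, url):
        # Relative URLs have no host; same host and its subdomains count as internal.
        host = (urlparse(url).hostname or "").lower()
        return bool(host) and host != self.site_host and not host.endswith("." + self.site_host)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe" and self._external(a.get("src", "")):
            hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                      or bool(HIDDEN_STYLE.search(a.get("style", ""))))
            kind = "hidden-external-iframe" if hidden else "external-iframe"
            self.findings.append((kind, self.getpos()[0], a["src"]))
        elif tag == "script":
            self._in_script = True
            if self._external(a.get("src", "")):
                self.findings.append(("external-script", self.getpos()[0], a["src"]))

    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"

    def handle_data(self, data):
        match = OBFUSCATION.search(data) if self._in_script else None
        if match:
            self.findings.append(("obfuscated-inline-script", self.getpos()[0], match.group(1)))

def scan_page(html, site_host):
    """Return (kind, line, detail) tuples for constructs worth a manual review."""
    scanner = InjectionScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page for the hypothetical site shop.example.
SAMPLE_PAGE = """<html><body>
<iframe src="/newsletter.html" width="400" height="200"></iframe>
<iframe src="http://tracker.invalid/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<script>var s = unescape("%3Cplaceholder%3E"); document.write(s);</script>
<iframe src="https://video.partner.example/embed/1" width="560" height="315"></iframe>
</body></html>"""
```

Visible off-site frames are reported separately because legitimate embeds look the same; only the hidden ones and the obfuscated scripts match what the article describes.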

How does one protect oneself from these sorts of attacks?

Several things need to be accomplished. First, the affected web site should be notified. Once aware of the attack on their web pages, web site owners should completely remove the infectious coding from the pages in question. If the web site caches searches, these should be flushed out so that they do not come up on search engines (Google automatically detects some exploits and will warn users against visiting the affected web site). Next, the users themselves should ensure they have installed the latest security updates. This includes both operating systems and anti-virus protection software.

Another simple way to watch for infected web sites is by following the Twitter user created by Dasient – http://twitter.com/dasient_new_mal. Infection updates are posted as soon as they are discovered, allowing Internet users to be forewarned before possibly becoming infected.

Conclusion

The lesson to be learned here is that it is best to be forewarned and forearmed rather than blithely surfing the web without protection or knowledge. Some simple procedures can help protect web surfers. Web site owners should take steps to protect their web sites and enable site watching tactics. A bit of common sense and a lot of knowledge will go a long way to ensuring that web surfing is a safe activity.

One Response to “Top Five iFrame Malware Infected Web Sites”

  1. I enjoyed your article.

    One of the most common ways that websites get hacked is by a virus on a PC with FTP access to the website.

    These viruses steal the FTP login credentials from an infected PC and send them to a server, which then adds the malicious iframes or JavaScript to various webpages.

    So the hackers don’t have to hack into a website, they merely log in with valid credentials.

    The virus works by various methods.

    First, it knows that certain FTP programs store their passwords in a plain text file. The virus knows where these files are installed so it simply seeks them out, reads them, sends the data to a server which infects the website.

    The virus also knows how to “sniff” FTP traffic leaving the PC. Since FTP transmits all data, including the FTP credentials, in plain text, it’s easy for the virus to “see” the username and password, steal it, and well, you get the idea.

    The virus also acts as a keyboard logger at times. So for people who type their passwords in, it waits until you activate your FTP software, then records your keystrokes, sends them to a server and….

    The last way we’ve seen that this virus works is by injecting the malicious iframe or JavaScript into the data stream as it’s leaving the infected PC. So, if your PC is infected and you send a new file to your website, the file on your PC is clean but as it’s being transmitted to your website, the malicious code is inserted into the transmission. By the time it gets to your website, it’s infected.

    All of this boils down to keeping your PC clean and not letting too many other people have your FTP login credentials. We’ve worked with some clients that haven’t changed their FTP passwords – ever! And they’ve given it out to various website designers and developers over the years. Think about that.

    If any one of those people gets a virus that steals the FTP login credentials, all the websites they work on could get infected.

    I just thought I’d add some insight from the trenches to your already fine article.
