IFRAME Virus injecting malicious code

By privateye2500



How an IFRAME attack works

It's probably safer and less expensive if you simply walk or drive to the store!

A massive Web attack, first reported by security researcher Dancho Danchev earlier this month (everyone SHOULD have listened better to him!), has expanded to hit more than ONE million Web pages, including many sites YOU probably shop online at - like Wal-Mart. Maybe you better just go there instead!

"The number and importance of the sites has increased," wrote Danchev in a Friday blog posting where he reported that trusted Web sites such as USAToday.com, Target.com, and Walmart.com have been hit with the attack.

The hackers behind this have not actually "hacked" into servers, but are using the Web sites' OWN programming errors to inject this code into search results pages created by the Web sites' OWN internal search engines!

Wow - it's a NEW crime - a hacker that hasn't hacked! What do we call that? Do we have a law for that yet? Shall we call them *Whackers*?? :}

Here's an example of how a *Whack/Hack* attack works:

The Whacker (hacker?) searches for popular keywords, like "furniture", on the Wal-Mart Web site using its internal search engine. But instead of running a normal search, the (hacker?) adds an HTML command to the end of his search string. HTML = HyperText Markup Language... the stuff we mainly write websites with.

This command then opens up an invisible "iframe" window in the victim's browser, which then redirects to a malicious Web site, which then (if successful) installs fake antispyware or a version of the "Zlob Trojan Horse" malware on the victim's (meaning YOUR) PC.

And hear this! These (hackers?) actually have great Google rankings!!

In order to boost their Google rankings, Web sites often save a copy of these search results and submit them to Google. When a victim searches Google for the keyword, these cached search results then pop up, with the malicious code now inside them.

"Malicious parties are actively poisoning these sites' search query caching feature to position the keywords among the top ten search results, thereby infecting anyone coming across them," said Danchev, in an instant-message interview. (Gotta love that - an IM interview!)

Danchev believes that more than 1 million Web pages have been infected using this technique.

"The more keywords they submit with [malicious] script, the more pages with popular keywords the high page ranked sites would cache," he said. This really increases the chance that someone will see the search results hosted on the reputable site and click on the (whacker/hacker) malicious page(s).

The Websites that have been mangled with this attack could fix the problem by doing a better job of checking the search queries on their internal search engines to make sure that there is no malicious code in them.
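The fix described above, as an added example that is not part of the original article: the search page encodes the visitor's query before echoing it back, and refuses to let a query containing markup become a cached, indexable results page. The function names, the cacheability policy and the sample query are assumptions made for illustration.

```python
import html
import re

# Constructed sample of the kind of query the article describes: a popular
# keyword with an HTML tag appended. The host name is a placeholder.
SAMPLE_QUERY = (
    'furniture<iframe src="https://malicious.example/" '
    'width="0" height="0"></iframe>'
)

MAX_QUERY_LEN = 100
# Assumed policy for this example: only queries made of word characters,
# whitespace and a little punctuation may be saved and offered to crawlers.
CACHEABLE_QUERY = re.compile(r"[\w\s.,'&+-]{1,100}")


def render_vulnerable(query: str) -> str:
    """The programming error: the raw query is pasted into the page."""
    return f"<h1>Results for {query}</h1>"


def render_safe(query: str) -> str:
    """Encode the query for an HTML context before echoing it back."""
    return f"<h1>Results for {html.escape(query, quote=True)}</h1>"


def may_cache(query: str) -> bool:
    """True only if the whole query fits the plain-keyword policy."""
    return CACHEABLE_QUERY.fullmatch(query) is not None


def build_response(query: str):
    """Return (headers, body) for a search results page."""
    query = query[:MAX_QUERY_LEN]
    headers = {"Content-Type": "text/html; charset=utf-8"}
    if not may_cache(query):
        # Keep suspicious result pages out of search-engine indexes and
        # out of any cache that would serve them to other visitors.
        headers["X-Robots-Tag"] = "noindex, nofollow"
        headers["Cache-Control"] = "no-store"
    return headers, render_safe(query)


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_QUERY))
    print(build_response(SAMPLE_QUERY))
```

Output encoding is the actual fix; the cacheability check is a second layer aimed at the search-result caching the article describes.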

Hackers? (Whackers to me) are, of COURSE, always looking for ways to install their code on trusted Web sites. (Not very HARD to do!)

In a few weeks, security workers have found hundreds of thousands of Web pages affected by this and other similar attacks.

Were YOU oblivious to this when you ordered your lawn furniture yesterday?

IFRAME at NIGHT - hahaha


Comments

Trojan Horse Removal  says:
2 years ago

To prevent getting Trojan Horses I would suggest having some software installed on your PC to scan and stop these threats from entering your system. I find Spyware Remover a great tool for removing and scanning for Trojan Horses and I would recommend using this product to remove and prevent further Trojan Horses from entering your PC.

privateye2500  says:
2 years ago

I disagree but everyone has their own ideas and opinions to which they have their right :}

Criação de Sites  says:
8 months ago

I had this problem with my website...look the cash...

MIC_SUM  says:
5 months ago

It means reflected XSS responses also get saved in Google cache, so this caching feature can also be exploited in this case??

privateye2500  says:
5 months ago

quote: It means reflected XSS responses also get saved in Google cache, so this caching feature can also be exploited in this case??

end quote--

Yep, that is my thinking....

Stephen  says:
4 months ago

Following is a great article which helped me get rid of this iframe virus

http://www.qualitycodes.com/tutorial.php?articleid

placement  says:
2 months ago

If your website is infected, cleaning it manually would be really difficult for large websites. Here is one site that gives detailed technical information and some removal procedure as well:

http://paramprojects.com/website/badwarefaq

Adam  says:
4 weeks ago

Dear Website owners,

iFrame Virus is panic for everyone on internet. Not only computers but websites too get infected with malicious viruses and hamper the site functionality.

RainCreatives team has put in the efforts to counter this malware attack.

This script is written in php and will work for the server where php support is there. Script will cure the iframe problem on your website.

To purchase this removal script, please go to http://www.raincreatives.com/component/option,com_

We will provide support for the users who can't use this script by themselves. Please back up your site before you run the script.

Please remember this is a detection and removal script.

For more details, visit www.raincreatives.com

Best Regards,

Adam.

www.raincreatives.com

privateye2500  says:
4 weeks ago

*hello world* - please don't advertise on my hubs.

krpatel195  says:
4 weeks ago

Hello Friends,

Try free web scan of soswebscan available at

http://soswebscan.jobandproject.com

It helps you to get rid of iframe badware and reported attack sites.

SOSWebScan works!
