Sister CISA CISSP

Dec 15 2009   2:41AM GMT

iFrame Attack is Growing Very Fast



Posted by: Arian Eigen Heald
Tags:
information security
SQL Injection
Web Security

According to Dark Reading and the original article from a security researcher at ScanSafe, an attack that started in November using SQL injection has compromised over 132,000 websites.

As if that were not bad enough, the hacked websites have had hidden code injected in an iframe that calls another iframe to connect to a website named 318x. For the really technical details, check the blog post from Mary Landesman at ScanSafe.

318x (a dotcom) downloads particularly nasty malware to the victim, which includes banking trojans. As of this evening (12/14/09), a Google search for the script source now lists 166,000 websites.

If you do the search on Google or Yahoo, all sorts of alerts will go off (which is why I didn’t link it here), but you get infected only if you click on one of the links with the embedded script.

Search your own site for this string of code! If you find it, your website has been compromised, and you’d better find out how. Your customers and users can get infected, and it could get back to your company.
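One way to run that search over your own pages, as an added example that is not part of the original post. The exact injected string is not reproduced here, so this sketch assumes matching on the host name 318x.com and on hidden iframes; the sample page and the `placeholder.js` name are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Host named in the post ("318x", a dotcom); add other indicators as needed.
INDICATOR_HOSTS = {"318x.com"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def is_hidden(attrs):
    """True for an iframe sized 0/1 pixel or hidden through inline CSS."""
    tiny = any(attrs.get(d, "").strip().rstrip("px") in ("0", "1")
               for d in ("width", "height"))
    return tiny or bool(HIDDEN_STYLE.search(attrs.get("style", "")))

class InjectionFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, reason, host)

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        try:
            host = urlparse(a.get("src", "").strip()).hostname or ""
        except ValueError:  # malformed URL; treat as no host
            host = ""
        line = self.getpos()[0]
        if any(host == h or host.endswith("." + h) for h in INDICATOR_HOSTS):
            self.findings.append((line, tag, "indicator-host", host))
        elif tag == "iframe" and is_hidden(a):
            self.findings.append((line, tag, "hidden-iframe", host))

def scan(html_text):
    """Return findings for one page or one text column from a database dump."""
    finder = InjectionFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings

# Constructed sample page; placeholder.js is not the real script name.
SAMPLE = """<html><body>
<h1>Product list</h1>
<p>Widget<script src="http://318x.com/placeholder.js"></script></p>
<iframe src="//cdn.example.net/ad.html" width="0" height="0"></iframe>
<iframe src="/help/faq.html" width="600" height="400"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Because the injection arrives through SQL, run `scan` over the text fields in your database as well as the files on disk. A `hidden-iframe` finding is a lead to review, not proof of compromise.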
