IT Knowledge Exchange

Register

Forgot Password

Site FAQ

Advertisement

Home > IT Blogs > Security Bytes > Researcher: Beware of massive IFrame attack

» VIEW ALL POSTS Mar 14 2008 6:28AM GMT

Researcher: Beware of massive IFrame attack

Posted by: Bill Brenner

Network Security, Application Security, Information Security Threats, Security Management, Platform Security

Security researcher Dancho Danchev has raised the red flag in his blog about a new scam the bad guys are using to corrupt hundreds of thousands of websites with IFrame redirects. Visit one of these corrupt pages and you just might find yourself caught on another site rigged with malicious code.

The infamous hacking group known as the Russian Business Network (RBN) appears to have a hand in this, he says.

“The ongoing monitoring of this campaign reveals that the group is continuing to expand the campaign, introducing over a hundred new bogus .info domains acting as traffic redirection points to the campaigns hardcoded within the secondary redirection point, in this case radt.info where a new malware variant of Zlob is attempting to install though an ActiveX object.”

Danchev says these are the high-profile sites targeted by the same group within the past 48 hours, with the number of locally cached and IFrame injected pages within their search engines :

NCSU Libraries - lib.ncsu.edu - 372,000 pages bushtorrent.com - 147 pages
ChildCareExchange - ccie.com - 131 pages
The University of Vermont - uvm.edu - 120 pages
Hippodrome State Theatre - Gainesville, FL - thehipp.org - 112 pages
Minnesota State University Mankato - mnsu.edu - 94 pages
The California Majority Report - camajorityreport.com - 16 pages Trackback URL

Comment

RSS Feed

Comment on this Post

You must be logged-in to post a comment. Log-in/Register

Hacking » Blog Archive » Researcher: Beware of massive IFrame attack | Mar 14 2008 8:32AM GMT

[...] Read the rest of this great post here [...]

Aa'ed Alqarta | Mar 18 2008 9:57AM GMT

This is just another strong reason to disable ActiveX and control the browser security settings. Activex is a nice feature but risky at the same time. Also, network administrators must give attention to security news/blogs to keep up with latest threats. Slow response will be too late to save your machines. My advice, disable ActiveX, Patach …patch and patch, use Firefox 3 coz it’s more secure than before. Noscript is a saver.
<a href="http://extremesecurity.blogspot.com" title="http://extremesecurity.blogspot.com" target="_blank">http://extremesecurity.blogspot.com</a>

Researcher: IFrame redirect attacks escalate — Security Bytes | Mar 28 2008 9:26AM GMT

[...] It’s been a couple of weeks since security researcher Dancho Danchev raised the red flag about IFrame redirects attackers have been using to corrupt hundreds of thousands of Web sites, and how the likely culprit is the infamous hacking group known as the Russian Business Network (RBN). [...]

The TopOfMemory Security Feed » Blog Archive » Serious IFrame attacks spread Trojan cocktail | Aug 25 2009 2:01PM GMT

[...] year, security researchers believed the Russian Business Network (RBN) was involved with a scam that corrupts hundreds of thousands of Web sites with IFrame [...]

Visit Information Security Home | Information Security News | Information Security White Papers | Information Security Videos | Information Security Resources

Ask an IT Question

About the Blogger

Robert Westervelt

Twitter.com/rwestervelt Rob is a news reporter and editor for SearchSecurity.com. Since joining TechTarget in July 2003, Rob has covered SAP, Oracle and the database industry for SearchDatabase.com, SearchSAP.com and SearchOracle.com. Prior to joining TechTarget, Rob was a newspaper reporter for five years at The Day in New London, Conn., where he wrote a variety of crime, general news, government and business stories while covering towns in Southeastern Connecticut. A military veteran, Rob served four years with the U.S. Air Force, U.S. Forces Police in Kaiserslautern Germany. He holds a degree in journalism from the University of Connecticut. READ MORE

>> READ MORE ABOUT THE BLOGGERS

Browse This Blog's Tags

Adobe, Antivirus, antivirus software, Application Security, banking Trojan, botnets, budget, Cisco, CISO, cloud security services, Compliance, Conficker, cross site scripting, Data Breaches and Identity Theft, Data Breaches and Identity Theft, Data leakage, data security, email securit, federal cybersecurity, Firefox security, Identity and access management, Information Security Careers, Information Security Threats, insider threats, Laws, Investigations and Ethics, Microsoft Security, Mozilla security, Network Security, patch management, patching, Phishing, Platform Security, Privacy, ransomeware, risk, Rogue Antivirus, secureworld, Security, security appliance, security budgets, security jobs, Security Management, Security Vendor News, social networking flaws, Twitter security, Uncategorized, web application flaws, Welcome, XSS, zero-day

Security Wire Daily News

brought to you by SearchSecurity.com

Partner Engage 2009: Symantec unveils new programs, incentives for VARs
At the Symantec Partner Engage 2009 channel conference this week, Symantec's new CEO unveiled a new, more channel-friendly vision for the security gia...READ MORE

Microsoft to address flaws in Windows, Office for Mac
Vulnerabilities affecting Windows and Microsoft Office will be updated next week, according to the software giant's advance notification.

Cloud computing data security starts with internal strategy, experts say
EMC's Eric Baize says companies should consider security early and establish trust with the cloud provider. But many factors hinge on an enterprise's ...READ MORE

Expert calls SSL protocol vulnerability a non issue
The researchers who discovered the SSL vulnerability warn that it could have far reaching affects and are working with a consortium of vendors to coor...READ MORE

Two-factor authentication, vigilance foil password theft
Password stealing Trojans, keyloggers and other malware are reaping account credentials by the thousands forcing some to rethink password policies and...READ MORE

Blog Roll

Help

Subscribe to Alerts

RSS feed of Security Bytes

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.

All Rights Reserved, Copyright 1999-2009, TechTarget | Read our Privacy Policy | Site Map

Podcast Powered by podPress (v8.8)