IFRAME attack underway
IFRAME attack
There is a major attack underway that has compromised a slew of well known U.S. websites including (but not limited to) USAToday.com, ABCNews.com, News.com, Target.com, Walmart.com, Bloomingdales.com, WebShots.com, Sears.com, Forbes.com, Circuitcity.com, Epinions.com, JCPenney.com, and those for the University of Vermont and Boise State University.
The iFrame code on these and other sites has been modified to install a number of malicious programs under the guise of codecs (audio/video program files) and security software. This originally appeared to be initiated only when the compromised site searched using the sites internal search features, but is now being reported to be redirecting to malware download pages when the site comes up in a search engine.
I recommend that network administrators block the 4 IP addresses that the malicious code is downloaded from (see the links below), and everyone should be wary of downloading and installing any unexpected codec or security software from the web.
This is especially disturbing as these large news and ecommerce sites generally have pretty good security…
Below are links to the original articles:
https://www.darknet.org.uk/2008/04/iframe-piggybacking-on-google-searches-to-install-malware/
-J-
Tags:
Topic: IFRAME attack underway -J-
No comments found.