IFrames Attacking!!!

New good news comming!, New vulnerability is made to infect Internet, here are more details:

Nowadays it is usually taken for granted that we can only get infected if we visit malicious websites or run files coming from untrustworthy sources. However, lately we have detected several cases in which by exploiting vulnerabilities in the web servers malicious code can be introduced in the websites hosted in them.

Therefore, we might come across trustworthy websites which contain malicious code introduced by a cyber-crook.
The following is one piece of code we found introduced in certain websites:

IFrame

JSCode

This malicious script of the web, known as iframe, contains instructions that will be interpreted by the browser, redirecting it to a web or to the downloading of a malicious file.

In this particular case, the user will be redirected transparently to a URL which will check if our system is protected against certain vulnerabilities. If any vulnerability is found, our computer will get infected with malware.

These are some of the vulnerabilities exploited to install malware in our computer:

In this particular case, the user will be redirected transparently to a URL which will check if our system is protected against certain vulnerabilities. If any vulnerability is found, our computer will get infected with malware.

These are some of the vulnerabilities exploited to install malware in our computer:

MS06-014 Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution

MS07-004 Vulnerability in Vector Markup Language Could Allow Remote Code Execution

MS07-018 Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution

MS07-033 Cumulative Security Update for Internet Explorer

MS07-055 Vulnerability in kodak Image Viewer Could Allow Remote Code Execution

This implies that in spite of browsing through safe websites, we can come across legitimate web pages whose code has been previously modified in order to infect our computer

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: