Comments on: Evolution of Hidden Iframes

By: Denis

Denis — Mon, 14 Dec 2009 23:44:53 +0000

The easiest (and the most common) way is using stolen FTP credentials.

Denis — Mon, 14 Dec 2009 23:41:15 +0000

“google analystics” is definitely malicious. Every domain that mimics Google Analytics is at least suspicious.

Unknown — Mon, 14 Dec 2009 16:44:55 +0000

I want you to contact me because these does not make sense. How could someone hack with iframes?

Unknown — Mon, 14 Dec 2009 16:43:22 +0000

Are you saying that google analystics is a hacker? what do you mean.

london speed dating — Thu, 19 Nov 2009 09:53:57 +0000

I didn’t know that I was infected mootools, is tha
obfuscated JavaScript, but there was an iframe in the document and the destination was exploited.

Rafael — Tue, 17 Nov 2009 12:40:43 +0000

“Malwarebytes’ Anti-Malware”

People, this software is very nice to prevent your computer!

Bye!

UnderForge of Lack » Blog Archive » 2009.10.29 木曜日 — Thu, 29 Oct 2009 00:34:26 +0000

[...] ———- iFrameインジェクションの進化 Evolution of Hidden Iframes iframeを隠す手段としてよく使われているのが

Denis — Wed, 28 Oct 2009 21:42:23 +0000

Thomas,

These are probably all main tricks for hiding existing iframes.

On the other hand, there are so many ways to inject hidden iframes on the fly using scripts, that one could write a book about it.

Thomas J. Raef — Wed, 28 Oct 2009 21:28:45 +0000

I’m sure in your research you also see many different ways of obfuscating iframes as well.

Care to show some of those methods?

Denis — Wed, 28 Oct 2009 21:27:34 +0000

I’ve removed the link from your code since the script is really malicious.

Dave,

Malicious scripts that inject hidden iframes is a whole new story. Much longer story than this one…