A few weeks ago I published an article about an attack that hosted malware on a fast flux network of infected PCs and used a clever algorithm based on Twitter trends to generate four new hard-to-predict domain names every day.
Shortly after that I was contacted by foks, who shared some interesting information. He conducted his own investigation and found out how hackers injected those scripts into legitimate web pages. He also found a new (buggy) version of the malicious script.
Yesterday, when I wrote about hidden iframes, I forgot to mention one interesting side effect of the new iframes with “onload” scripts – they eat web pages.
Actually, those iframes don’t eat web pages themselves – it is done by buggy software that hackers use to inject hidden iframes into legitimate web pages.