You’ve been iframed

April 2, 2008 – 5:29 AM

Iframes injected into legitimate sites are becoming more and more common these days. One of the latest targets is a Chinese government site at www.zhangzhu.gov.cn.

Please note that while the site administrators have been notified, the injected iframe is still present in the site at the time of this posting.

The iframe downloads a page from another Chinese site that redirects the browser to a .com site, which in turn contains tons of new iframes.

The end result of this iframe jungle is that exploits try to download executables to the user's computer:

lz.exe
614.exe

Both of these files are already detected as Trojan-Downloader.Win32.Small.suu using the latest database updates.

Drive-by downloads are getting more sophisticated nowadays, with this case using several exploits, including MDAC and Real Player exploits.

As always, remember safe computing practices even when on familiar grounds, lest you find yourself iframed.

Source: F-Secure
