Spreading Malware via Invisible iFrame

Wednesday, May 18, 2011



ZScaler recently reported about an attack on, a website that has been a very popular resource for online technology information since 1996.

Hackers have managed to redirect users to malicious sites and are attempting to install malicious software on visitors' machines.

On Sunday, zScaler reported that the main page of the site - including the "Homepage" and the "About Us" section - contains an invisible iframe with JavaScript downloaded from sites contaminated by a custom set of exploits.

The malicious code attempts to take advantage of vulnerabilities on the end user’s machine.

According to zScaler:

If you look at the screenshot, you will notice that they feature the latest articles on the home page. The latest topic or article currently discussed is “Call of Duty: Modern Warfare 3 details leaked”. As this first article is highlighted and “Call of Duty” is a very popular game, one can assume that many people have fallen victim to this attack. It is in the article itself where the malicious Iframe has been injected.


The malicious Iframe redirects victims to a malicious website hosting an exploit kit. Once you visit, heavily obfuscated JavaScript is returned which will target various known vulnerabilities. Here is what the exploit looks like:


Unfortunately, there are hundreds of similar attacks conducted on a daily basis on web pages like the ones displayed.

Many legitimate web resources are subject to cracking due to the admin's lack of experience in web application programming, and are often used by cybercriminals to spread their malicious software.

Attackers are always looking for popular sites and news portals, and attempt to use them as platforms for their attacks. Users have to always remember that safe sites do not exist.
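For site owners, one way to check served pages for the kind of injected invisible iframe described above is to flag frames that are sized or styled out of view and note whether they load from another host. This is an added example, not code from zScaler or the original post; the host names, the sample page and the `audit_page` helper are constructed for illustration, and it inspects static HTML attributes only, not frames written into the page by script.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style declarations that leave an element in the DOM but out of sight.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?:left|top)\s*:\s*-\d{3,}", re.I)

class IframeAuditor(HTMLParser):
    """Collects iframes that are rendered invisibly, noting off-site sources."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # width/height attributes of 0 or 1 pixel
        reasons = [f"{d}={a[d]}" for d in ("width", "height")
                   if re.fullmatch(r"[01](px)?", a.get(d, "").strip())]
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("inline style hides frame")
        if "hidden" in a:
            reasons.append("hidden attribute")
        # Protocol-relative URLs (//host/path) are resolved by urlparse as well.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        external = bool(host) and host != self.site_host \
            and not host.endswith("." + self.site_host)
        if reasons:
            self.findings.append({"line": self.getpos()[0], "src": a.get("src", ""),
                                  "external": external, "reasons": reasons})

def audit_page(html, site_host):
    """Return one finding per invisible iframe in the given HTML text."""
    auditor = IframeAuditor(site_host)
    auditor.feed(html)
    return auditor.findings

# Constructed sample page: one ordinary embed, two hidden off-site frames.
SAMPLE_PAGE = """<html><body>
<h1>Latest articles</h1>
<iframe src="https://video.news-site.example/embed/42" width="560" height="315"></iframe>
<p>Article text...</p>
<iframe src="http://exploit-host.invalid/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<iframe src="//cdn.other.invalid/a" style="position:absolute;left:-9999px"></iframe>
</body></html>"""
```

Findings with `external` set are the ones to review first, since hidden same-site frames are common in legitimate pages.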

Contributed by SecTechno

Johnny Wong: I have a noob question: how did the iframe get onto the site in the first place? Was the HTML code injected through a traditional attack like SQL Injection?