iFrame drive-by malware attacks explained [VIDEO]

Poll: Have you ever been the victim of an iFrame drive-by malware attack?

  • Yes: 4 votes (11.8%)
  • No: 22 votes (64.7%)
  • I don't know!: 8 votes (23.5%)
  • Total voters: 34

Jack


Sophos said:
iFrames and script tags are being used by malicious hackers to serve up drive-by internet attacks, silently and invisibly.

iFrames allow webmasters to embed the content of one webpage into another, seamlessly.

There are legitimate reasons why some websites may want to do that - but what cybercriminals do is exploit the functionality (presumably they have been able to gain write access to the website) to deliver malware such as fake anti-virus or a PDF vulnerability exploit to infect your computer.

What's sneaky is that malicious hackers can make the embedded content invisible to the naked eye, by making the window zero by zero pixels in size. You can't see the threat, but your web browser is still dragging it down.

Read more: http://nakedsecurity.sophos.com/2012/08/16/invisible-iframe-drive-by-malware-attacks-explained-video/
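
Added example (not part of the original thread or the Sophos article): a Python script a site owner could run over their own pages to spot the kind of invisible iframe the quoted text describes. The function names, the 0/1-pixel threshold and the constructed sample page with its placeholder hosts are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style patterns that make a frame invisible or zero-sized.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

def _tiny(value):
    # True when a width/height attribute is 0 or 1 pixel (assumed threshold).
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 1

class HiddenFrameFinder(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # (src, line number, list of reasons)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("zero-size attributes")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by inline style")
        # Visible cross-site embeds are normal; only hidden ones get this note.
        host = (urlparse(a.get("src", "")).hostname or self.page_host).lower()
        if reasons and host != self.page_host:
            reasons.append("third-party source")
        if reasons:
            self.findings.append((a.get("src", ""), self.getpos()[0], reasons))

def find_hidden_iframes(html, page_host):
    finder = HiddenFrameFinder(page_host)
    finder.feed(html)
    return finder.findings

# Constructed sample page; all hosts are placeholders.
SAMPLE = """<html><body>
<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>
<iframe src="http://cdn.example.net/x" width="0" height="0" frameborder="0"></iframe>
<iframe src="/local/widget" style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(find_hidden_iframes(SAMPLE, "shop.example.com"))
```

A hit is a prompt to check whether the site's own templates put that frame there; a hidden frame that nobody on the team added points to the write access the quoted text mentions.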
 
3link9

Scary :S

I've never been a victim of any Drive-By, then again, I prob have in the past and never knew about it :/
 

Littlebits

If you are accustomed to visiting a website like Google.com and you know it to be safe, and one day you visit the site and your browser notifies you that java-scripts need to run but never needed to run before, that is the first sign that this website might have been hacked.

Even in the video, if you noticed, Internet Explorer notified about these java-scripts and blocked them by default. Some browsers would also have automatically blocked these java-scripts by default, not giving you the option to run them.

This iFrame hack is actually a pretty old method for distributing malware.

I didn't even know it was still used today.

Thanks.:D
 

McLovin

Just like 3link9 said it's scary to see this happen.

You won't even know that they are there, but I also thought that you can block scripts on all webpages with an addon called Ghostery? Correct me if I'm wrong.
 

Littlebits

MRF71 said:
How about noscript? won't that block it?

Yes it will, but your browser's default action even without any extensions would be to block the scripts unless you are using an ancient browser.

Of course Internet Explorer 9 gives you the option to allow blocked scripts; if you choose to allow them then you could possibly get infected.

Google Chrome already runs scripts in a sandbox.

If you run your browser in a sandbox like Sandboxie, BufferZone, etc., the malicious script would not be able to infect your system.

All of the latest browsers should auto block iFrame scripts.
If your real-time Antivirus has a script blocker then that would also stop an infection.

It is actually rare for a system to get infected with iFrame scripts.

You would have to be using an old outdated browser, manually allow the scripts to run on a current browser and have no real-time antivirus running to get infected from iFrame scripts.

Like I said, I really don't believe this method is even used anymore.
The last time I heard about iFrame malicious scripts was over 5 years ago. With the latest security advances in web browsers today, I really don't see why any hacker would want to use iFrame scripts when there are much better options that would be more successful with infecting systems.

Thanks.:D
 

HeffeD

Littlebits said:
Google Chrome already runs scripts in a sandbox.

I think that depends on the plugin. Is Chrome able to sandbox any plugins other than Flash these days?
 

Littlebits

HeffeD said:
Littlebits said:
Google Chrome already runs scripts in a sandbox.

I think that depends on the plugin. Is Chrome able to sandbox any plugins other than Flash these days?

You are correct, if the IFrame script was a Java app then it would not be sandboxed, but then you would get a prompt for Java asking you if you want to allow or deny the script.

Google Chrome will auto block scripts by default and ask you if you want to allow them, so Google Chrome can still block the execution of scripts.

Thanks.:D
 
illumination

Noscript for firefox or Scriptno for Google Chrome both block IFrames
 
