The rebirth of an old infection tactic

[kaddy]

I am going to speak about a common attack vector that anyone can be potentially hit by under the right circumstances. I have personally, while using a malware test vm, discovered the number of Wordpress and Tumblr, blogspot web sites with the old malicious JavaScript and scripts. A hacker compromises a webpage, inserting an invisible Iframe to redirect you to a malicious domain. Using my Norton product in a VM, I have seen repeated attacks through Wordpress, or any website based on Wordpress software. Tumblr and other common blogging platforms are also affected. I get the mass injection site 19 warning on most of them. This was incredibly common with the old favorite of scam artists, the fakeAV Trojans. Now, they redirect to browser locking ransom Trojans among other nastiness. Finding these Attack pages is incredibly easy, to the point where you do a google image search, visit a site and before you know it, you have been hit. A drive by download takes place and your computer is infected.
I have found some relatively effective ways to reduce your possibility of infection.
1. Use a JavaScript blocker such as noscript with Firefox or an alternative for chrome.
2. As everyone tells you, keep your computer software up to date and your anti virus up to date.
Site admins should check their sites for
code like this


The specfic hack code is:
<iframe src="width=125 height=125style="visibility: hidden"> iframe
The iframe will have a site redirect. There have been many threads on Wordpress, about this. in the original code, which I removed to keep people who may misuse it from getting it from me at the very least, linked to a site hosting a adobe reader exploit.

 

[jamescv7]

Usually a tool that focus on main type of infection is effective rather mixture of prevention capabilities of security product, since it rely on traditional techniques which obsolete.