iframe attacks on the increase

Please check back here for updates.

Moderators: Web World Tech Support, Design Team, Design Team, Web World Tech Support

iframe attacks on the increase

Postby daveg » Mon Oct 17, 2011 5:58 pm

Over the past couple of weeks we've seen a big increase in iframe attacks. Hackers use iframes to load a virus onto the users' PCs without them knowing. An iframe is a way of loading one web page inside another, usually from a different server. That can be useful for building online applications. But malware writers have taken advantage of this to load viruses from unsuspecting websites to the users PC. Once the PC has been infected the hacker then gets a list of all the users FTP passwords. FTP (File Transfer Protocol) is used to manage websites. This virus effects web designers the most as they would generally work with multiple FTP accounts.

The hacker then uses a program that automatically adds the iframes into the new websites which have been harvested and the virus spreads.

Most people notice their website has been attacked when they get a blocked message from Google in Firefox. There are many things that can be done to stop these attacks.

1) Website owners should provision a unique FTP password for each developer.

2) Websites owners should never give the same password to different developers.

3) Developers should inform owners promptly if a security breach occurs so that the owners can change passwords. If a developer has access to the hosting controls, they should consider changing the passwords immediately, using a secure machine.

4) Windows users should make sure they have installed all security updates, and preferably upgrade to XP SP2 with IE7, or Vista. Running an active anti-malware guard can also help. That should just leave the people dumb enough to think they need to install a new codec to view porn.

5) Sites that cache searches should improve their input checking, and server operators can search for iframe exploit code.
Thanks
Dave Geoghegan
daveg@webworld.ie
User avatar
daveg
Rank: Supreme Member
 
Posts: 210
Joined: Wed Jun 07, 2006 5:33 pm
Website: http://www.webworld.ie
Location: Dublin, Ireland

Return to “%s” Network, Security & Software Updates

Who is online

Users browsing this forum: No registered users

cron