
Ddanchev has a very good analysis of the IFRAME injection attack on several CNET sites. It shows that you don't have to surf the dark side of the web to get infected. Banners, SEO poisoning and IFRAME injections are all successful ways to infect unpatched users.
With the recent IFRAME injection attack targeting ZDNet Asia, by abusing the site's search engine caching capabilities in combination with the lack of input sanitization, several more CNET Networks' web properties besides ZDNet Asia, namely, TV.com, News.com and MySimon.com are currently getting targeted using the same technique to inject the IFRAMEs and have the sites cache and locally host the results. The following assessment outlines the IPs and domains used in the IFRAMEs, the domains and IPs hosting the rogue anti-virus and anti-spyware applications, as well as the detection rates of the applications.