IFrame Attacks on Websites! Should you be concerned?
Today we would like to bring to your notice something called the “Iframe Attack”. These silent attacks have become very common these days and are troubling website owners and web hosting providers alike, leading to complete disruption of websites and catastrophic results.
What is an Iframe Injection Attack?
The <iframe> tag is an HTML tag used to seamlessly embed content from another page or site. (The ‘i’ in ‘iframe’ stands for ‘invisible’, i.e. ‘invisible frame’.) IFrames are used on thousands and thousands of sites for legitimate purposes. Even Google uses them to deliver AdWords ads. An injection, on the other hand, is something inserted by a third party into a website. The most common kind of injection is an ‘SQL injection’, which is an injection into a database.
Plainly speaking, an iframe injection is the injection of one or more iframe tags into a page’s content without your consent. These inserted tags may be bits of code that call on some other site or download a virus-infected file. The iframe typically does something bad, such as downloading an executable application that contains a virus or worm, something that compromises a visitor’s system.
Many top PC security companies have described this attack as the nastiest of all the attacks on websites.
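A site owner can check pages for such inserted tags by listing every iframe whose source is a host the site never meant to embed. The script below is an added example, not code from this article; the allowlist hosts, the sample page and the hidden-frame heuristic (1-pixel size or hidden style) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site intentionally embeds; replace with your own list.
ALLOWED_HOSTS = {"www.example.com", "player.example.org"}

class IframeAudit(HTMLParser):
    """Collects <iframe> tags that look like they were injected."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (line number, src, list of reasons)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        # Relative URLs have no host: they stay on the site itself.
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host and host not in self.allowed:
            reasons.append("external host not in allowlist: " + host)
        # Heuristic (assumption): injected frames are usually made invisible.
        style = a.get("style", "").replace(" ", "").lower()
        tiny = any(a.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
        if tiny or "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden or near-zero size")
        if reasons:
            self.findings.append((self.getpos()[0], src, reasons))

def audit_html(html, allowed_hosts=ALLOWED_HOSTS):
    """Return the suspicious iframes found in one HTML document."""
    parser = IframeAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: two legitimate frames and one injected frame.
SAMPLE_PAGE = """<html><body>
<h1>Welcome</h1>
<iframe src="https://player.example.org/embed/1" width="560" height="315"></iframe>
<iframe src="/banner.html" width="300" height="60"></iframe>
<iframe src="http://injected.example.net/in.php" width="1" height="1" style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src, reasons in audit_html(SAMPLE_PAGE):
        print(f"line {line}: {src} -> {'; '.join(reasons)}")
```

Run it over the files on the server as well as over the pages as served, since a changed index page shows up in both.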
You can find some articles on these attacks here:
1. http://newsletters.trendmicro.com/servlet/website/ResponseForm?mgLEVTTA_TATZ_.40ev.2e_ew_eHmLlm0okLHm
2. http://www.webpronews.com/topnews/2008/03/28/major-sites-hit-with-iframe-injection-attacks
Some researchers believe that these maliciously inserted codes are the handiwork of hacker groups who send bots across the net to find sites that are poorly coded and vulnerable to attack. Others believe the most likely cause is that your personal computer is infected. Strange as that may sound, hackers are using a variation of Trojans to infect personal computers and then use your own FTP login information to change the index page and/or other targeted pages on your own site.
Whatever the cause of this injection, the end result is the blocking of your site by anti-virus software and browser alarms.
We have been receiving a few complaints from some of our clients regarding such attacks, which they believe to be due to some kind of virus on our servers.
We would like to mention that such attacks do simulate a virus attack, but the source is NOT our servers but some other sites which are being called by the injected iframes.
We would urge you to please do some research on this issue on the net and protect your websites and business by taking appropriate steps.
If you need any help in these situations, we are always here.
