The World Wide Web is one of the greatest inventions ever and right about now, the army of malware writers would probably agree. There is a relatively new technique circulating throughout the community of internet criminals and the IFrame acts as the facilitator. This concept represents one of the latest tools used to trick web surfers into unknowingly downloading malicious items onto their computers from an infected website. How serious is the threat? Well since popular sites like USA Today and Wal-Mart have already been victimized, we’d say it is one that definitely warrants your attention.
IFrame Malware Defined
Not to be confused with the newest Apple product, IFrame is an acronym for inline frame, which is simply a way of inserting one web page inside of another, typically from another web server. IFrames are useful for building web applications and serving content from other sources to your visitors. However, malware writers and hackers have other intentions, planting IFrames in stealth fashion where you don’t even known they are there. A knowledgeable attacker can manipulate JavaScript in a way where the code is designed to look confusing or benign rather than obviously malicious.
When the concept first started, hackers exploited IFrames by attacking servers directly or adding malicious code to banner advertisements. More recently however, it has been increasingly used to aid in the poisoning of search engine results. Large websites often cache the results of search queries and then forward them to a search engine like Google which generates them directly for the benefit of web surfers. Malware writers are able to exploit the system by inserting the IFrame’s text and code within the legitimate query. If the terms are not properly scanned and analyzed for obfuscated code, the malicious data is then stored and passed onto the search engine. Thus, when a user searches for that term, the attack is directly initiated upon clicking on the search result. This provides hackers with a way to bypass traditional security mechanisms and use a website’s search engine popularity to unknowingly infect its own users.
Defending Against Malicious IFrames
IFrame malware attacks are occurring at a rapid rate, mainly because far too many internet users are not aware of the problem. Effectively fighting this security threat calls for dedicated efforts on the part of many. Server operators need to devise more efficient ways to detect malicious code and website administrators must improve the input checking procedures for their sites. At the same time, popular searches engines must do a better job of detecting these exploits and warning users of the sites that may harm their computer. For the mean time, website owners are advised to properly secure their applications while end users should keep their systems updated with the latest versions of Microsoft products like Windows and Internet Explorer. As of this article, the most vulnerable systems are those running Windows XP Service Pack 1 and IE browsers older than version 7.0. These are tips you may want to pass along to your visitors.
