Another IFrame VML exploit

Following up on a SunBelt blog post ... I noticed the site mentioned wasn't really the problem but the IFrame exploit contained on the page, which produces a Information Bar pop-up in IE7

In researching this culprit I found that the same exploit is being served up on several other sites. 2 of which were discoved by the Microsoft Search Defender project as seen here ... in the first two examples these sites now contain the same IFrame exploit. I suspect these servers have been hacked since Microsoft reviewed them and the IFrame injected.

These culprit sites will be included in the next HOSTS file update ... as the IFrame page was scanned at VirusTotal and was only detected by AntiVir as: EXP/HTML.VML.Gen

Published Sun, Dec 3 2006 12:06 by winhelp2002

Comments

# When Sites are Hacked visitors get whacked

Sunday, January 14, 2007 11:48 PM by Hosts News

It looks like another Game site got hacked and one line of HTML code was added to their site, which will

Hosts News

This Blog

Syndication

Search

Tags

Community

Archives