
More On Hidden Malicious Iframe Injections

If you have been reading my articles on combating malicious iframe injections, you will have noticed that these malicious iframes have a basic configuration as shown below:

[iframe src='http://url/' width='1' height='1' style='visibility: hidden;'][/iframe]

They have this configuration so that hackers can hide these unwanted iframes by making them invisible. The iframe is created with a width and height of 1 pixel, so visually it is just a point. They also specify a style that makes it invisible: style='visibility: hidden;'

These iframes are invisible to web surfers but they can be detected in the HTML code of your web page.

To hide iframes in the HTML, hackers use obfuscated scripts. Apart from obfuscated scripts, hackers are now also using what are called packed JavaScripts. Packing JavaScript is a good thing, as it improves delivery and optimization. But, as always, these legitimate techniques can be misused to hide and insert unreadable malicious iframes into your web page. When you check the HTML code of such web pages you don't see any iframes, just some JavaScript of unclear purpose, with no URLs or suspicious words in it. And since many modern web pages contain dozens of third-party scripts (e.g. ads, statistics, widgets, etc.), webmasters usually overlook such scripts.

Let us take the previous malicious iframe example and pack it.  It would look like the following:

eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('[0 2=\'3://4/\' 5=\'1\' 6=\'1\' 7=\'8: 9;\'][/0]',10,10,'iframe||src|http|url|width|height|style|visibility|hidden'.split('|'),0,{}))

If you look at the above code, it is hard to see if it is malicious or not.  You will notice some words that appear suspicious, but may not be.  Sometimes you may not see any suspicious text at all.

What you need to do is to unpack this compressed code when you are unsure whether the scripts being loaded are malicious or not.

One site you can visit to unpack these compressed codes is at:

http://www.strictly-software.com/unpack-javascript.aspx

Simply copy the complete code, eval(function........), and paste it into the upper box. Click on the "Unpack" button. The final result will be shown in the second box and should be the actual code, now completely readable. Once the code is readable, you need to determine whether it is malicious or not before you delete it.

To hide malicious code, hackers sometimes encode their scripts multiple times, so that even if you execute such a script you'll get just another obfuscated or compressed script. The malicious script decodes itself and creates another encoded script, which in turn creates another hidden malicious iframe.
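The unpacking step and the multi-layer case described above can also be handled offline without executing the suspect script. The following is an added example, not code from the article or from the unpacking site: a static Node.js unpacker for the p,a,c,k,e,r format that only does string substitution and never calls eval(). The function names are hypothetical, and the sample is the article's own packed snippet with its inert placeholder URL.

```javascript
// Static unpacker for Dean Edwards "p,a,c,k,e,r" output. It never calls eval().

// Tail of a packed script: }('payload',radix,count,'k|e|y'.split('|')
const PACKED = /\}\s*\(\s*'((?:[^'\\]|\\.)*)'\s*,\s*(\d+)\s*,\s*(\d+)\s*,\s*'((?:[^'\\]|\\.)*)'\s*\.split\('\|'\)/;

// Undo the string-literal escapes (\' \\ \n ...) inside the quoted arguments.
function unescapeJs(s) {
  return s.replace(/\\([\s\S])/g, (_, ch) => ({ n: '\n', r: '\r', t: '\t' }[ch] || ch));
}

// The packer's index encoding for radix 2..62: digits, then a-z, then A-Z.
function encode(c, radix) {
  const head = c < radix ? '' : encode(Math.floor(c / radix), radix);
  const d = c % radix;
  return head + (d > 35 ? String.fromCharCode(d + 29) : d.toString(36));
}

// Decode one layer; returns null when the input is not packed.
function unpackOnce(source) {
  const m = PACKED.exec(source);
  if (!m) return null;
  const radix = Number(m[2]);
  if (radix < 2 || radix > 62) return null;             // reject malformed input
  const payload = unescapeJs(m[1]);
  const keywords = unescapeJs(m[4]).split('|');
  const count = Math.min(Number(m[3]), keywords.length); // never trust the count
  const table = new Map();
  for (let i = 0; i < count; i++) table.set(encode(i, radix), keywords[i]);
  // An empty keyword means the token stands for itself.
  return payload.replace(/\b\w+\b/g, tok => table.get(tok) || tok);
}

// Peel nested layers, bounded so a hostile input cannot loop forever.
function unpackAll(source, maxLayers = 10) {
  let code = source;
  let layers = 0;
  while (layers < maxLayers) {
    const next = unpackOnce(code);
    if (next === null) break;
    code = next;
    layers++;
  }
  return { code, layers };
}

// The article's packed sample, with the backslashes a packer normally emits.
const SAMPLE = String.raw`eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('[0 2=\'3://4/\' 5=\'1\' 6=\'1\' 7=\'8: 9;\'][/0]',10,10,'iframe||src|http|url|width|height|style|visibility|hidden'.split('|'),0,{}))`;

console.log(unpackAll(SAMPLE));
```

A `layers` value greater than 1 in the result means the script was packed more than once, which is itself worth noting during a review.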

Further investigation into malicious iframes shows that antivirus vendor Sophos has warned of a new injection attack that has infected thousands of websites with malicious IFrames. In order to avoid detection, the rogue IFrames get their src attribute (their URL) through an "onload" JavaScript event. Aside from the heavy obfuscation, this attack uses a specific trick to avoid Web scanners: decoding the string results in an IFrame that doesn't have a direct src value, and a JavaScript "onload" function generates it instead. The src usually points to a third-party server that attempts to infect visitors with malware. These attacks usually target vulnerabilities in your software, so make sure you install critical patches for popular software such as Adobe Reader, Flash Player, Java Runtime Environment, Microsoft Office or Windows itself. When you unpack the code, look for an IFrame with no direct src and an "onload" handler.
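A check for the traits described in this article, as an added example that is not part of the original article: it scans unpacked markup for iframes that are 1 pixel or smaller, hidden by style, or missing a src while carrying an onload handler. The function names, the sample markup and the `setSrc` handler name are constructed for illustration, and the `display:none` test goes one step beyond the `visibility: hidden` style the article mentions.

```javascript
// Quick triage of unpacked markup. Regex scanning is enough for review work,
// but it is not a full HTML parser (a '>' inside an attribute value ends the tag early).

// Parse name="value", name='value' and name=value pairs from one tag.
function parseAttrs(tag) {
  const attrs = new Map();
  const re = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs.set(m[1].toLowerCase(), m[2] ?? m[3] ?? m[4] ?? '');
  }
  return attrs;
}

// Return every iframe tag that shows at least one suspicious trait.
function inspectIframes(html) {
  const findings = [];
  const tiny = v => v !== undefined && parseInt(v, 10) <= 1;
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const a = parseAttrs(tag);
    const style = (a.get('style') || '').replace(/\s+/g, '').toLowerCase();
    const reasons = [];
    if (tiny(a.get('width')) && tiny(a.get('height'))) reasons.push('size<=1px');
    if (/visibility:hidden|display:none/.test(style)) reasons.push('hidden-style');
    // No direct src plus an onload handler: the URL is filled in at run time.
    if (!a.get('src') && a.has('onload')) reasons.push('src-set-by-onload');
    if (reasons.length) findings.push({ tag, reasons });
  }
  return findings;
}

// Constructed sample: one ordinary embed and two iframes with the traits above.
const SAMPLE_HTML = `
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src='http://url/' width='1' height='1' style='visibility: hidden;'></iframe>
<iframe width="1" height="1" onload="setSrc(this)"></iframe>`;

for (const f of inspectIframes(SAMPLE_HTML)) {
  console.log(f.reasons.join(', '), '->', f.tag);
}
```

A finding is a prompt for manual review, not proof of compromise, since legitimate tracking or widget iframes can share some of these traits.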

The battle against malicious iframe injections is a constant one. For more information you can visit:

http://websiteprotection.blogspot.com

It is also important to remember that not all iframes are bad. Before you remove a suspected iframe, make sure it is not relevant to your web page. If you are not certain, download a copy of the web page before you do any deleting.

Joseph Schembri

Joseph Schembri has written many ebooks that are practical, easy, but thorough with step by step advice on website security protection and internet niche marketing. They are written in a language that you can understand with all the extra nice to have stuff stripped away.
http://www.schembrionics.com
http://www.websiteprotection.net
http://www.nichemarketingsecrets.net

By: Joseph Schembri | 08/11/2009 | Web Design
Use of this web site constitutes acceptance of the Terms Of Use and Privacy Policy | User published content is licensed under a Creative Commons License.
Copyright © 2005-2008 Free Articles by ArticlesBase.com, All rights reserved.