Joseph Schembri has written many ebooks that are practical, easy, but thorough with step by step advice on website security protection and internet niche marketing. They are written in a language that you can understand with all the extra nice to have stuff stripped away.
http://www.schembrionics.com
http://www.websiteprotection.net
http://www.nichemarketingsecrets.net
The Mal/Iframe-N appears to be the latest malicious iframe injection attack on websites. I had touched on this briefly in other articles combatting malicious iframe injection attacks.
Security researchers warn that this new injection attack has infected thousands of websites with malicious IFrames. In order to avoid detection, the malicious IFrames get their src attribute (their URL) through an "onload" JavaScript event.
Since releasing detection for Mal/Iframe-N, SophosLabs have seen a rising number of detections. Detections are now into the thousands of websites affected by this threat. Some of the sites hit are also well known.
Normally, malicious Iframes have the following form:
[iframe src='http://url/'width='1'height='1'][/iframe]
In the new attack there isn't a direct "src=", they use "onload=" as follows:
[frame onload="if (!this.src){ this.src='http://url'; this.height=1; this.width=1;}"].
All the domains used so far have been based in Russia.
The tools being used to inject these Iframes are currently adding them to the end of legitimate HTML as shown below:
[html]
.
.
.
[/html]
[frame onload="if (!this.src).............
This usually attacks vulnerabilities in your software so make sure you install critical patches for popular software such as Adobe Reader, Flash Player, Java Runtime Environment, Microsoft Office or Windows itself.
You could also be infected with an obfuscated or packed javascript version of these malicious iframes.
You can find more information about iframe injections at:
http://websiteprotection.blogspot.com
Website security and monitoring is a vital part of the success of your online business. Making it a priority is crucial for your website file and data protection. Understanding that and taking the steps to properly implement website security practices can mean increased sales and more business opportunities.
- Related Videos
- Related Articles
- Ask / Related Q&A
10 Top Smart Web Design Tips
By: TravisOl | 04/12/2009When in the thoughts of producing a website, think hard on the some important key points you must deploy. Here you have 10 top tips.
Web Development Company
By: linksswap | 04/12/2009Choosing between a web development company and a professional development company is like choosing a rose from the bunch of thorns. In generic sense, every web development company is offers elementary website designing, website development and website hosting, and the hot new trend of search engine optimization (SEO.)
Choose the right E-commerce Website solution
By: arvind | 04/12/2009E-commerce is known to be the most popular means of support of the web. If it were not for online trading, the internet would just be a clutter of personal websites with no real purpose. The drastic benefits people make from e-commerce websites is commendable.
Website Builder - How To Build A Website That Is Optimised For SEO
By: fitzwar | 04/12/2009When using a website builder its important to make sure your website is fully optimised for search engines so it ranks well in search engines.
Very Useful Sites to Check Pagerank or to Upload Files to Multiple Hosting
By: Irfan Ardiansah | 04/12/2009There is so many website to use when we want to make our blog better or when to upload a file. This time it's a review about so many feature that simplified to become just two sites.
Website Design Nepal, Web Design Nepal, Web Design Company Nepal, Web Designer Nepal
By: Imagine Web Solution | 04/12/2009Imagine web solution is a team of website designers and specializes in website Design, Development, Search Engine Optimization, Promotion, Graphic Design and Multimedia Presentation.through internet as per your need and capability
EasySiteBuild- making the website builder task easy
By: Mantoo Joinx | 04/12/2009The Website Builder services include the framework for the preparation of the website layout along with the content crafted with the use of required keywords. The website also requires proper hosting and the endowment of protective softwares.
Marketing Techniques Used in Web design
By: Fiona Livnat | 04/12/2009Web design incorporates principles of marketing. Some of the simple tools of online marketing are Search Engine Optimization, Link Building, Pay Per click management, e-mail marketing, e-commerce and updating of website. These marketing tools aid the principles of good web design to produce a winning web site.
Quick Reference Links To Fight Iframe Injections
By: Joseph Schembri | 11/11/2009 | Web DesignI have had many requests from people reading my articles on combatting iframe injection to create a quick start guide with the various links one can use to detect and recover from iframe injection attacks.
New Malicious iFrame Injection - Mal/Iframe-N
By: Joseph Schembri | 09/11/2009 | Web DesignThe Mal/Iframe-N appears to be the latest malicious iframe injection attack on websites. Since releasing detection for Mal/Iframe-N, SophosLabs have seen a rising number of detections. Detections are now into the thousands of websites affected by this threat. Some of the sites hit are also well known.
More On Hidden Malicious Iframe Injections
By: Joseph Schembri | 08/11/2009 | Web DesignTo hide iframes in the HTML, hackers use obfuscated scripts. Apart from obfuscated scripts, hackers are now also using what is called packed javascripts. Packing javascripts is a good thing as it improves delivery and optimization. But, as always, these legitimate things can be used in a bad way to hide and insert malicious unreadable iframes into your web page. When you check the HTML code of such web pages you don’t see any iframes, just some JavaScript with unclear purpose.
Obfuscated iFrame Injection Attacks
By: Joseph Schembri | 01/11/2009 | Web DesignCompromised websites can be infected with hidden iframes and/or with obfuscated (escaped) javascript code. Obfuscation is the concealment of meaning in communication, making communication confusing, intentionally ambiguous, and more difficult to interpret. It is basically a form of encryption.
Using File Permissions To Combat iFrame Injections
By: Joseph Schembri | 21/10/2009 | Web DesignMost website file permissions are CHMOD 644. Since iframe injections attack your index.* web pages, the CHMOD 644 may not be enough to protect them. CHMOD 644 gives you, the user, all read, write and execute permissions and everybody else only read and execute permissions. You would think that this should be enough to prevent an iframe injection. Unfortunately, it is not.
Measures to Prevent and Detect iFrame Injection Attacks
By: Joseph Schembri | 14/10/2009 | Web DesignIf you have suffered an iframe injection attack you need to act fast. If the security of your website is compromised, it can affect the search engine rankings of your website. Besides, it may pave way for more sophisticated attacks. Google will mark your site in it's search results with a warning: "This site may harm your computer". Your traffic will go down to zero.
How To Submit Your Blogger Blog To Search Engines
By: Joseph Schembri | 11/10/2009 | SEOHow to submit your Blogger Blog to the major search engines in the same way as done with websites. Learn how to do a complete submission rather than just submit a URL that would have an unkown time for indexing, being added to the search engine directory.
Website Protection Using The Index Page
By: Joseph Schembri | 09/10/2009 | Web DesignThe other directories(sub-folders) on your website, the ones below your root directory, which is typically called "public", or "public_html", do not normally have an index page. If the index page is not there, your visitor may be able to view every web page or file you have in that directory. A folder without an index page is open and everyone can find your product if they search for it. You thus should create an index page for all your folders.