Sucuri Research Labs

Malware definitions (web based)

Malicious iframes

First a definition: An inline frame (iframe) is used to embed another document within the current HTML document.

Why do the "bad guys" use it? Because, as the definition implies, it lets you insert another document inside the current HTML page. Attackers use that feature to insert malicious content into compromised sites (to redirect to spam, exploit kits, Fake AV, phishing, etc.).

Example of malframes (malware iframes):

Iframes can be injected and hidden in different ways inside web sites, but this is how it looks to the web browser (if you use view-source):

This code loads whatever content is served from rec-creations.com/adv.php, and the victim's browser executes it.

Encoded iframe: Iframes can also be encoded inside a JavaScript call, like this one: