Home Testimonials Company Support 1–888–873–0817
Home Notes Malware Signatures About
Malware definitions (web based)

Malicious iframes

First a definition: An inline frame (iframe) is used to embed another document within the current HTML document.

Why is it used by the "bad guys"? Because as the definition implies, it allows you to insert another document inside the current HTML page. And the attackers use that feature to insert malicious content into the compromised sites (to redirect to spam, exploit kits, Fake AV, phishing, etc).

Example of malframes (malware iframes):

Iframes can be injected and hidden in different ways inside web sites, but this is how it looks to the web browser (if you use view-source):

This code loads whatever content is inside rec-creations.com/adv.php and executes by the browser of the victim.

Encoded iframe: Iframes can also be encoded inside a javascript cal,l, like this one: