[b] Dynamic DNS and Botnet of Zombie Web Servers [/b] 11 Sep 09 Filed in Website exploits It’s always interesting to watch how malware attacks evolve over time.http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/Since this spring, when I started to distinguish it from other attacks, this hidden iframe injection attack has always been among “leaders”.
This iframe injection is very old news, avast has been dealing with it for absolutely ages. Though there is a lot of other useful information.
Personally I don’t care what domains they point to as that is really irrelevant as the payload could be on any domain and trying to block these domains is like shooting at a moving target. Frequently the domain is only live for a few days.
So it has to be the detection of the injected iframe and or blocking that iframe from running (firefox and noscript with block iframes enabled) that is a better prevention in my opinion.
100% agree with the previous post. Great advice!!!