Dynamic DNS and Botnet of Zombie Web Servers

11 Sep 09. Filed in Website exploits.

It’s always interesting to watch how malware attacks evolve over time.

Since this spring, when I started to distinguish it from other attacks, this hidden iframe injection attack has always been among “leaders”.

http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/

This iframe injection is very old news; Avast has been dealing with it for absolutely ages. Though there is a lot of other useful information.

Personally I don’t care what domains they point to as that is really irrelevant as the payload could be on any domain and trying to block these domains is like shooting at a moving target. Frequently the domain is only live for a few days.

So it has to be the detection of the injected iframe and/or blocking that iframe from running (Firefox and NoScript with block iframes enabled) that is a better prevention in my opinion.

100% agree with the previous post. Great advice!!!
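The contrast drawn in the reply above, between chasing domains and detecting the injected iframe itself, shown as an added example that is not part of the thread or the linked blog post. The sample page, the host names (reserved `.example` TLD) and the blocklist are constructed, and the function names are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: host names use the reserved .example TLD, not real indicators.
SAMPLE_PAGE = """<html><body><h1>Welcome</h1>
<iframe src="https://maps.example/embed" width="600" height="400"></iframe>
<iframe src="http://new-host.dyn.example/index.php" width="1" height="1"
        style="visibility:hidden"></iframe>
</body></html>"""
# Constructed blocklist holding only a host the attacker has already rotated away from.
DOMAIN_BLOCKLIST = {"old-host.dyn.example"}

TINY_ATTR = re.compile(r"\s*[01](px)?\s*", re.I)
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY_STYLE = re.compile(r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)


class IframeCollector(HTMLParser):
    """Record every iframe with the reasons (if any) it is invisible to a visitor."""

    def __init__(self):
        super().__init__()
        self.iframes = []  # list of (src, reasons)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {name: value or "" for name, value in attrs}
        reasons = []
        if any(TINY_ATTR.fullmatch(attr.get(k, "")) for k in ("width", "height")):
            reasons.append("0/1 pixel width or height attribute")
        if HIDDEN_STYLE.search(attr.get("style", "")):
            reasons.append("hidden by inline style")
        if TINY_STYLE.search(attr.get("style", "")):
            reasons.append("0/1 pixel size in inline style")
        self.iframes.append((attr.get("src", ""), reasons))


def scan(html):
    collector = IframeCollector()
    collector.feed(html)
    collector.close()
    return collector.iframes


def blocklist_hits(html, blocklist):
    """Domain-based check: only fires while the list still matches the live host."""
    return [src for src, _ in scan(html) if urlparse(src).hostname in blocklist]


def hidden_iframes(html):
    """Structure-based check: fires on the hidden frame whatever host it points to."""
    return [(src, reasons) for src, reasons in scan(html) if reasons]
```

On the sample page `blocklist_hits` returns nothing while `hidden_iframes` reports the second frame. The check covers only inline attributes and styles, so frames hidden through a stylesheet class or built by script need a rendered-DOM check instead.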