Hi malware fighters,
There is quite some misunderstanding about Iframe exploits. IFrame exploits? No, the term is wrong actually. It seems there has been some phenomenon of referring to exploits that load through inline frame (IFrame) tags as “IFrame exploits.” It seems that a lot of people seem to think that IFrames are evil and that they are at the actual root of this exploit, the cause of it so to say. This isn’t really true though. Recently a number of websites have been compromised and have had IFrame tags added to their source that are invisible (height/width is usually set to 0 or 1). These invisible tags then generally pull in exploit code from another website that attempts to take advantage of a not fully patched system. We could say that the IFrame is an accomplice in the page source, but it certainly is not the exploit itself.
Unfortunately you might not be able to protect yourself by just browsing to “trusted” websites. Recently a number of well-known legitimate websites have been hacked only to have their source modified to turn them into malware/exploit gateways. The best thing you can do to protect yourself is keep your OS and software fully patched, try not to browse the web as an administrator/root user, and don’t surf too many sites housing questionable content. Use the NoScript add-on for Firefox and use DrWeb’s hyperlink av-scanner before clicking a hyperlink you do not fully trust.
Frame breaker
They are very old school but can be very effective in protecting against iframe attacks.
if (top != self) {
top.location.href = 'http://yoururl/';
}
or the next script to break out of frames, but do not place this in your own web site’s frames…
because it breaks out of everything…
<script type="text/javascript">
<!--
if(top.frames.length > 0)
top.location.href=self.location;
//-->
</script>
polonus
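A defender-side check for the invisible iframes described in the post, added here as an example and not part of the original post: it scans a page's source for iframe tags sized 0 or 1 (or hidden by inline style) that load from a different host than the page. The function names, the inline-style checks and the sample page are assumptions made for this example.

```javascript
// Added example: heuristic scan of page source for invisible iframes.
// Sizes 0 and 1 follow the post; the inline-style checks are an added assumption.

// Parse the attributes of one tag into a lowercase-keyed object.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// True when a width/height value is 0 or 1 (optionally with a px unit).
function isTiny(value) {
  return value !== undefined && /^\s*[01]\s*(px)?\s*$/i.test(value);
}

// Return findings for iframes that are invisible and load from another host.
function findHiddenIframes(html, pageUrl) {
  const pageHost = new URL(pageUrl).host;
  const findings = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const a = parseAttrs(tag);
    const style = (a.style || '').toLowerCase().replace(/\s+/g, '');
    const reasons = [];
    if (isTiny(a.width) || isTiny(a.height)) reasons.push('size 0/1');
    if (/display:none|visibility:hidden/.test(style)) reasons.push('hidden by style');
    if (/(^|;)(width|height):[01](px)?(;|$)/.test(style)) reasons.push('style size 0/1');
    if (reasons.length === 0 || !a.src) continue;
    let host;
    try { host = new URL(a.src, pageUrl).host; } catch { host = '(unparsable)'; }
    if (host !== pageHost) findings.push({ src: a.src, host, reasons });
  }
  return findings;
}

// Constructed sample page: two hidden cross-host frames, one normal embed, one same-site frame.
const samplePage = `
<html><body>
<h1>News</h1>
<iframe src="http://other-host.example/x.html" width="1" height="1"></iframe>
<iframe src="https://video.example/embed/42" width="560" height="315"></iframe>
<iframe src="/ads/local.html" style="display: none"></iframe>
<IFRAME SRC='http://third.example/' STYLE='width:0;height:0'></IFRAME>
</body></html>`;

console.log(findHiddenIframes(samplePage, 'http://www.site.example/index.html'));
```

Run against a site's own served pages, a finding means a frame the owner should be able to account for; an unexplained one is a reason to review the page source for tampering.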