Author Topic: Q: My Avast just blocked HTML:Iframe-inf virus/worm, now what?  (Read 30300 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89329
  • No support PMs thanks
Re: Q: My Avast just blocked HTML:Iframe-inf virus/worm, now what?
« Reply #15 on: July 23, 2009, 11:55:04 PM »
Yes, that is my whole point.

Based on the wording, "No zeroiframes detected! " they appear only to be looking for iframes with 0x0 width and height size, when these have what would appear to be a regular sizing, yet they go to the trouble of hiding the iframe. So why do they bother giving it a size, possibly to avoid detection for those tools looking 0x0 iframes.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33929
  • malware fighter
Re: Q: My Avast just blocked HTML:Iframe-inf virus/worm, now what?
« Reply #16 on: July 24, 2009, 12:11:14 AM »
Hi DavidR,

I think our handling of these detections will also attrackt malcreator eyes, and of course they also get somewhat the wiser for what we have put here before them and the information can be abused as well, as it can be helpful for people to be more alerted to these cybercrime activities that go on on a large scale,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89329
  • No support PMs thanks
Re: Q: My Avast just blocked HTML:Iframe-inf virus/worm, now what?
« Reply #17 on: July 24, 2009, 12:22:05 AM »
Yes, they too will adapt to evade detection, what was a good idea to have 0x0 iframe size soon got identified as an aid to detection and now they have seen that that trick is no longer evading detection.

So those doing the detection have to get smarter too and look for the hidden attribute in the iframe also. If they, the miscreants see that that is being used as an aid to detection what are they to do then as removing the hidden attribute would bring it back into the light out of the darkness.

So it will be an on-going battle so we also have to be aware that the tools we use might be being evaded too.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Rodnev

  • Guest
Re: Q: My Avast just blocked HTML:Iframe-inf virus/worm, now what?
« Reply #18 on: July 24, 2009, 12:34:04 AM »
How are these people able to get the piece of spyware-code onto someone else website?
Do they just hack it?

Also, and this will probably sound paranoid/noobish, can i be sure this spyware didn't infect my computer? Even though Avast gave the warning?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89329
  • No support PMs thanks
Re: Q: My Avast just blocked HTML:Iframe-inf virus/worm, now what?
« Reply #19 on: July 24, 2009, 12:50:16 AM »
Yes they hack sites to insert the code.

It is usually as a result of vulnerabilities in old versions of content management software, PHP, SQL, WordPress, etc.

The web shield scans content in its localhost proxy before it gets to your browser cache, when it alerts it only gives the abort connection option, that drops the infected item so it doesn't get to your system. If it did the standard shield would also be likely to alert. So you should be OK, if you wish you can run an avast scan of your system to confirm that.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33929
  • malware fighter
Re: Q: My Avast just blocked HTML:Iframe-inf virus/worm, now what?
« Reply #20 on: July 24, 2009, 12:58:00 AM »
Hi Rodnev,

The sites are probably hacked through older and therefore exploitable versions of website software, old exploitable PHP, old versions of Joomla, stealing inlog code, after a succesful hack one should always alter and strengthen the passwords etc.
As DavidR explains just the fact that avast alerted you to this has been your rescue, avast aborted the connection before the silent drive-by-download could take effect or the re-direct could even take place.
Your safe and secure, avast is a forerunner in this field and this is their special expertise.
Of course as a last line of defense you could use the firefox browser with NoScrip extension, then your security is full proof, but even without that with avast you have nothing to worry whatsoever,

polonus aka Damiaan
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Rodnev

  • Guest
Re: Q: My Avast just blocked HTML:Iframe-inf virus/worm, now what?
« Reply #21 on: July 24, 2009, 02:27:29 PM »
Cool.
Thanks to the both of you. Now I can sleep just a little better hehe.

And i installed the FF noscript plugin, just to be sure.

Chrz!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89329
  • No support PMs thanks
Re: Q: My Avast just blocked HTML:Iframe-inf virus/worm, now what?
« Reply #22 on: July 24, 2009, 03:49:07 PM »
No problem, glad I could help.

A belated welcome to the forums.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security