Author Topic: Dynamic DNS and Botnet of Zombie Web Servers  (Read 2509 times)

0 Members and 1 Guest are viewing this topic.

YoKenny

  • Guest
Dynamic DNS and Botnet of Zombie Web Servers
« on: September 13, 2009, 04:47:36 PM »
Quote
Dynamic DNS and Botnet of Zombie Web Servers
11 Sep 09   Filed in Website exploits
It’s always interesting to watch how malware attacks evolve over time.

Since this spring, when I started to distinguish it from other attacks, this hidden iframe injection attack has always been among “leaders”. 
http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89329
  • No support PMs thanks
Re: Dynamic DNS and Botnet of Zombie Web Servers
« Reply #1 on: September 13, 2009, 05:29:58 PM »
This iframe injection is very old news, avast has been dealing with it for absolutely ages. Though there is a lot of other useful information.

Personally I don't care what domains they point to as that is really irrelevant as the payload could be on any domain and trying to block these domains is like shooting at a moving target. Frequently the domain is only live for a few days.

So it has to be the detection of the injected iframe and or blocking that iframe from running (firefox and noscript with block iframes enabled) that is a better prevention in my opinion.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Avastfan1

  • Guest
Re: Dynamic DNS and Botnet of Zombie Web Servers
« Reply #2 on: September 13, 2009, 06:06:03 PM »
100% agree with the previous post. Great advice!!!