Author Topic: Dynamic DNS and Botnet of Zombie Web Servers (Read 2490 times)

YoKenny · « **on:** September 13, 2009, 04:47:36 PM »

Quote

Dynamic DNS and Botnet of Zombie Web Servers
11 Sep 09 Filed in Website exploits
It’s always interesting to watch how malware attacks evolve over time.

Since this spring, when I started to distinguish it from other attacks, this hidden iframe injection attack has always been among “leaders”.

http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/

DavidR · « **Reply #1 on:** September 13, 2009, 05:29:58 PM »

This iframe injection is very old news, avast has been dealing with it for absolutely ages. Though there is a lot of other useful information.

Personally I don't care what domains they point to as that is really irrelevant as the payload could be on any domain and trying to block these domains is like shooting at a moving target. Frequently the domain is only live for a few days.

So it has to be the detection of the injected iframe and or blocking that iframe from running (firefox and noscript with block iframes enabled) that is a better prevention in my opinion.

Avastfan1 · « **Reply #2 on:** September 13, 2009, 06:06:03 PM »

100% agree with the previous post. Great advice!!!

Author Topic: Dynamic DNS and Botnet of Zombie Web Servers (Read 2490 times)

YoKenny

Dynamic DNS and Botnet of Zombie Web Servers

DavidR

Re: Dynamic DNS and Botnet of Zombie Web Servers

Avastfan1

Re: Dynamic DNS and Botnet of Zombie Web Servers