DIY mass iFrame injecting Apache module sold online
Posted on 26.11.2012
The wish to automate repetitive and boring tasks is not restricted to those who engage in legal enterprises, so it's no wonder that we have lately witnessed a rise in DIY kits marketed to cyber crooks and scammers.


One of these is a Apache 2.x module for automated mass iFrame injection for which Webroot's Dancho Danchev has recently spotted an underground market advertisement.

"The Apache 2.x based stealth module is capable of inserting and rotating iFrames on all pages at a particular website hosted on the compromised server. The process will only work with a cookie+unique IP in an attempt by the cybercriminal behind the kit to make the process of analyzing the module harder to perform. The module would also not reveal the iFrame URL to search engines, Google Chrome and Linux users, as well as local IP," he shares, adding that this makes it virtually impossible for a webmaster to remove the infection from their Web site.

The module is for sale for $1,000, and in order to incite buyers, the seller offers statistics that apparently prove that the ROI is good.

"Thousands of users continue installing and purchasing fake antivirus software products, driving a steady flow of income to the accounts of the cybercriminal(s) operating these campaigns," he points out. "Moreover, the statistics also indicate that thousands of users, visiting their favorite and trusted websites, are getting exploited through client-side exploits like the ones served by the market leading Black Hole Exploit Kit, thanks to the malicious Apache 2 module."

The seller also reveals in the ad that the module has already been successfully use in a number of security incidents across the globe.






Spotlight

Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. Itís not.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 2nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //