DIY mass iFrame injecting Apache module sold online
Posted on 26.11.2012
The wish to automate repetitive and boring tasks is not restricted to those who engage in legal enterprises, so it's no wonder that we have lately witnessed a rise in DIY kits marketed to cyber crooks and scammers.

One of these is a Apache 2.x module for automated mass iFrame injection for which Webroot's Dancho Danchev has recently spotted an underground market advertisement.

"The Apache 2.x based stealth module is capable of inserting and rotating iFrames on all pages at a particular website hosted on the compromised server. The process will only work with a cookie+unique IP in an attempt by the cybercriminal behind the kit to make the process of analyzing the module harder to perform. The module would also not reveal the iFrame URL to search engines, Google Chrome and Linux users, as well as local IP," he shares, adding that this makes it virtually impossible for a webmaster to remove the infection from their Web site.

The module is for sale for $1,000, and in order to incite buyers, the seller offers statistics that apparently prove that the ROI is good.

"Thousands of users continue installing and purchasing fake antivirus software products, driving a steady flow of income to the accounts of the cybercriminal(s) operating these campaigns," he points out. "Moreover, the statistics also indicate that thousands of users, visiting their favorite and trusted websites, are getting exploited through client-side exploits like the ones served by the market leading Black Hole Exploit Kit, thanks to the malicious Apache 2 module."

The seller also reveals in the ad that the module has already been successfully use in a number of security incidents across the globe.


Travel smart: Tips for staying secure on the road

Whether you're taking a personal holiday or a business trip, traveling by car or by plane, planning a quick jaunt or preparing for an extended stay, make sure your security best practices are coming along for the ride.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, May 26th