DIY mass iFrame injecting Apache module sold online
Posted on 26.11.2012
Bookmark and Share
The wish to automate repetitive and boring tasks is not restricted to those who engage in legal enterprises, so it's no wonder that we have lately witnessed a rise in DIY kits marketed to cyber crooks and scammers.


One of these is a Apache 2.x module for automated mass iFrame injection for which Webroot's Dancho Danchev has recently spotted an underground market advertisement.

"The Apache 2.x based stealth module is capable of inserting and rotating iFrames on all pages at a particular website hosted on the compromised server. The process will only work with a cookie+unique IP in an attempt by the cybercriminal behind the kit to make the process of analyzing the module harder to perform. The module would also not reveal the iFrame URL to search engines, Google Chrome and Linux users, as well as local IP," he shares, adding that this makes it virtually impossible for a webmaster to remove the infection from their Web site.

The module is for sale for $1,000, and in order to incite buyers, the seller offers statistics that apparently prove that the ROI is good.

"Thousands of users continue installing and purchasing fake antivirus software products, driving a steady flow of income to the accounts of the cybercriminal(s) operating these campaigns," he points out. "Moreover, the statistics also indicate that thousands of users, visiting their favorite and trusted websites, are getting exploited through client-side exploits like the ones served by the market leading Black Hole Exploit Kit, thanks to the malicious Apache 2 module."

The seller also reveals in the ad that the module has already been successfully use in a number of security incidents across the globe.






Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //