Mal/Iframe-V

Category: Viruses and Spyware
Protection available since: 17 Feb 2011 09:13:17 (GMT)
Type: Malicious behavior
Last Updated: 24 Nov 2011 11:40:25 (GMT)
Prevalence: Small Number of Reports


Mal/Iframe-V is a small or hidden iframe within a web page that attempts to load further malicious content from a remote website.

Pages blocked as Mal/Iframe-V are often part of legitimate websites that have been compromised by malicious hackers. This technique is used to funnel web traffic from many compromised sites to the attack sites controlled by those attackers. At the time of writing, Mal/Iframe-V is loading malicious scripts that Sophos products block as Troj/ExpJS-BM and Troj/ExpJS-BO.

Examples of Mal/Iframe-V include:

Example 1

File Information

Size: 101K
SHA-1: 3f204a41430948fc6718e206a130870b42c2833c
MD5: 28b098b53d05a5e8b561f731e616f17a
CRC-32: 1fef1062
File type: application/octet-stream
First seen: 2011-09-15

Runtime Analysis

HTTP Requests
IP Connections
  • 89.208.34.116:445
DNS Requests
  • dfgjahkdjsfasfsdgafg.cz.cc
  • disqus.com
  • html5shiv.googlecode.com
  • twit.tv
  • webchat.twit.tv

Example 2

File Information

Size: 110
SHA-1: b2467ddb4ebe2a425d4c9b79a5b10c068aebace7
MD5: 429b3e2549de1cef96589dcbe9a3eab7
CRC-32: 6766f555
File type: Unspecified Markup Language
First seen: 2011-02-16

Example 3

File Information

Size: 166K
SHA-1: cde942d776c60c6980d7ccd84b0a358fd15a94bb
MD5: 6e602c3265e08e3ef0b5eec651de17e8
CRC-32: 481cbd44
File type: application/octet-stream
First seen: 2011-09-30

Runtime Analysis

HTTP Requests
  • http://google-mania.net/wp-content/themes/high-end-10/style.css
  • http://utwmuta.co.tv/i.php
DNS Requests
  • ad.agilemedia.jp
  • google-mania.net
  • utwmuta.co.tv
