Search This Blog

Another Mass IFrame Injection Attack |350,000 ASP sites infected

 Another Mass Iframe Injection Attack detected by Researchers.  On july, They detected the Mass Iframe injection that infected the 90000 websites. Looks like this time the number of sites is increased.   350,000 websites infected by Malware.  Also they targeted the website that are developed using

As per the Google result, there is 180,000 websites infected by this Iframe injection attack. They targeted victims who use 6 particular language:English, German, French, Italian, Polish, and Breton in their websites.
If you want to check the list of Infected sites, then do google search as "".  Never click the website that return by google after this search.  It will launch the malware attack.

Malware Infection:
The Malicious scripts inserted inside the victims website causes the visiting browser to load an iframe first from and then from
Multiple browser-based drive-by download exploits are served depending on the visiting browser.

When the user is redirected to the malware server, it will server to the visitors. The malware will be automatically installed without your knowledge. This is if they have outdated browsing platforms (browser or Adobe PDF or Adobe Flash or Java etc).

Currently, the 6 out of 43 antivirus vendors on VirusTotal can detect the dropped malware. resolves to IP (AS3999), which is in Russia. resolves to (AS36352), which is in the US and hosted by resolves to IP (AS33597), which is in the US and hosted by InfoRelayOnlineSystems.

The dropped malware attempts to connect to: (AS25653), which is in the US.

IFrame Injection:
They inserted the Iframe inside the webpage using the web application vulnerability. like this:
<script src="Link_to_malicious_script"></script>

This inserts the malicious javascript inside website.  This malicious script generates an iframe to, which gives an HTTP 302 redirect to the exploit server at www2.safetosecurity.rr.

Security Tips from to Web Masters:
If your site also infected, then delete all files from your server. I hope you have backup of your website contents. Install the Latest Antivirus in your system. Verify your code before uploading.
Share it:


IFrame Injection

Malware Attack

Malware Report

Mass IFrame Injection

Security Breach


Web Application Vulnerability

XSS Vulnerability