
Exploit:HTML/IframeRef.I


First posted on 09 April 2019.
Source: Microsoft

Aliases :

There are no other names known for Exploit:HTML/IframeRef.I.

Explanation :

Exploit:HTML/IframeRef.I is a detection for specially formed IFrame tags that point to remote websites containing malicious content, for example malicious JavaScript containing an exploit for a specific vulnerability. An IFrame is a valid HTML element that allows content from a separate page or website to be embedded in other web pages. The rendered IFrame may be only one pixel in length to avoid being spotted by the user.

This exploit requires that a user view or visit the affected websites or open a malicious HTML page for the redirection to occur. It may also be found embedded in crafted email messages sent from an attacker.

In-the-wild examples of Exploit:HTML/IframeRef.I redirect browsers to certain URLs within a number of domains. At the time of writing, these sites could no longer be reached for further analysis.

Analysis by Gilou Tenebro
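The following Python example is added here for illustration; it is not Microsoft's detection logic and not part of the original write-up. It audits a page's markup for the pattern described above: an IFrame that references a remote host and is rendered at one pixel or hidden through CSS. The 1px threshold, the reason labels, the function names and the sample markup are assumptions made for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_PX = 1  # assumption: frames rendered at <= 1px count as invisible
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
CSS_DIM = re.compile(r"(?<![-\w])(?:width|height)\s*:\s*(\d+)\s*(?:px)?\s*(?:;|$)", re.I)
ATTR_DIM = re.compile(r"\s*(\d+)\s*(?:px)?\s*")

def _tiny(value):  # True when a width/height attribute is a pixel count <= MAX_PX
    m = ATTR_DIM.fullmatch(value or "")
    return bool(m) and int(m.group(1)) <= MAX_PX

class IframeAuditor(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.findings = page_host.lower(), []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: v or "" for k, v in attrs}  # tag and attribute names arrive lowercased
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if not host or host == self.page_host:
            return  # relative or same-host frame: not a remote reference
        style, reasons = a.get("style", ""), []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny-attr")
        if any(int(n) <= MAX_PX for n in CSS_DIM.findall(style)):
            reasons.append("tiny-css")
        if HIDDEN_CSS.search(style):
            reasons.append("hidden-css")
        if reasons:
            self.findings.append((host, reasons))

def audit(html, page_host):
    parser = IframeAuditor(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup; hosts use reserved .test/.example names.
SAMPLE = """
<iframe src="http://redirector.test/in.php" width="1" height="1"></iframe>
<iframe src="//ads.example/slot" style="width:0px;height:0px;border:0"></iframe>
<IFRAME SRC="https://tracker.test/" STYLE="visibility: hidden"></IFRAME>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="/local/widget.html" width="1" height="1"></iframe>
"""
```

Calling `audit(SAMPLE, "www.shop.example")` reports the first three frames and skips the normally sized embed and the same-site frame. This is a static check on the markup as delivered, so frames injected or resized later by script are not covered.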

Last update 09 April 2019

 
