New web threat takes advantage of iFrame vulnerability

Posted by Wolfgang Gruener

Security firm Trend Micro said that it has discovered a new threat that is currently making the rounds on the Internet. The threat is based on an iFrame vulnerability in webpage code to plant a keylogger to steal user passwords, or turn computers into proxy servers for various other attacks.

Trend Micro said that the threat could have originated from a computer Trojan-making kit and relies on a scenario in which website owners are unaware that they are compromised, and website users are unaware that surfing through seemingly legitimate pages can actually be part of an infection process. This process, according to the security firm, involves a malicious IP address that is inserted into the HTML code (HTML_IFRAME.CU), a download of malicious Trojans (TROJ_SMALL.HCK, TROJ_AGENT.UHL, TROJ_PAKES.NC, PAKES) from another URL via a JavaScript routine.

TrendMicro said that the threat was initially detected in Italy, but apparently is making its way to the U.S.