General Explanation
Type: Worm
Degree of destruction: average
Prevalence: high
Names of the malware:
- Trojan.Win32.IFrame.aspx (Padvish)
- Trojan.HTML.IFrame.AP (Padvish)
- Trojan.Downloader.JS.Iframe.dcb (Padvish)
What is a Trojan?
Trojans are a type of malware that presents itself as healthy, legal software and behaves like a useful application, but damages the system when executed. Software downloaded from the internet, content placed in HTML, email attachments, and so on are ways that Trojans use to enter the system. Unlike viruses and computer worms, Trojans do not reproduce themselves.
What is Iframe malware?
Iframe malware is a kind of downloader malware (Trojan) that connects to its server and downloads other malware, and that hides inside .html and .aspx files. This malware is designed to lead the user to a destructive, luring server (Blackholes) through a hidden iframe address.
Technical Explanation
Signs of infection
A sample of an .aspx file infected by this attack is displayed below. For instance, the iframe below was injected into the login page of the victim website.
Describing the actions
When a user opens the infected page, the browser executes the iframe() function in the background (out of the sight of the user). The function acts as follows:
It creates an <iframe> block out of the sight of the user and sets its address to the destructive host (Blackholes).
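A defender-side check for the behaviour described above, as an added example that is not Padvish's code or part of the original page: it flags iframes in .html/.aspx text that are both hidden and point to a host outside the site, plus script lines that build an iframe at run time. The function and class names, the hiding heuristics, the own_hosts parameter and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristics for "out of the user's sight": zero/one-pixel size or CSS hiding.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
# Script code that builds an iframe at run time instead of using a literal tag.
SCRIPTED = re.compile(r"createElement\(\s*['\"]iframe['\"]\s*\)|document\.write\([^)]*<iframe", re.I)

class IframeAudit(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        external = bool(host) and host not in self.own_hosts
        hidden = (a.get("width", "").strip() in ("0", "1")
                  or a.get("height", "").strip() in ("0", "1")
                  or "hidden" in a
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        if external and hidden:
            self.findings.append((self.getpos()[0], "hidden external iframe", host))

def audit_page(text, own_hosts):
    """Return sorted (line, reason, detail) tuples for one .html/.aspx file's text."""
    parser = IframeAudit(own_hosts)
    parser.feed(text)
    for n, line in enumerate(text.splitlines(), 1):
        if SCRIPTED.search(line):
            parser.findings.append((n, "script-built iframe", line.strip()[:60]))
    return sorted(parser.findings)

# Constructed sample: a login page with one legitimate frame and one injected frame.
SAMPLE = """<html><body>
<form id="login" runat="server"></form>
<iframe src="https://www.example.org/help" width="600" height="400"></iframe>
<iframe src="http://injected.example.net/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<script>var f = document.createElement('iframe');</script>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE, own_hosts={"www.example.org"}):
        print(finding)
```

A script-built iframe is only a lead for manual review, since legitimate widgets also create frames from script; the hidden-and-external combination is the stronger signal.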
How to deal with this and disinfect the system
Padvish Antivirus detects and disinfects this malware. Brute force, which recovers the Administrator's password, is one of the methods used to inject the infected code into web pages. Hence, avoid using simple passwords. Additionally, Padvish IPS detects these probable vulnerabilities and prevents their entry into the system. It is therefore recommended to install Padvish to protect your system from this kind of malware.