Methodologies of the RBN - IframeCash
(Page 3 of 4 )
IframeCash is an affiliate program associated with what is frequently called the RBN's retail division (as are the fake anti-spyware sites mentioned above). The IframeCash exploit takes advantage of vulnerabilities in the Inline Frame attribute in HTML, which lets webmasters display other websites within their own page (if you do a Google image search and click on a result, you will see this in action). Malware programmers hack into a site with these vulnerabilities and insert their own pages into the Inline frames. They typically make the pages 1x1 pixel in size, rendering them invisible to the user, and insert a redirect code that takes the user to another site where Malware will be installed on their computer. All of this occurs in the background, leaving users completely unaware that they are affected.
Sites such as MLB(dot)com, NHL(dot)com, Monster(dot)com, and just today, as I write this article, the Indian-based anti-virus company, AVSoft(dot)com, have all been affected. These issues, aside from the AVSoft website, have all been fixed as of this writing.
Another Iframe method the RBN uses is its affiliate program. It brazenly offers members the chance to sign up via its line of IframeCash websites, promising webmasters roughly ten cents per infected computer. Those who sign up are given a single line of code to place in an invisible Iframe on their website, luring unsuspecting victims into the trap. While it may not seem like a lot of money (1,000 infections only nets you $100), keep in mind that that is only for one site. Most of the affiliates sign up for multiple sites.
Next: Search Exploit >>
More Web Hosting Articles Articles
More By James Payne
