My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.


Malicious .biz site and browser vulnerabilities

Myantispyware team, November 20, 2005

A user visited a webpage and was redirected to hxxp://iframebiz.biz/dl/adv443.php (“tt” changed to “xx” to keep anyone from getting there by accident).

Among other things, the page was obfuscated, and it loaded many malicious files through JavaScript, such as hxxp://iframebiz.biz/dl/adv443/sploit.anr, hxxp://iframebiz.biz/dl/loadadv443.exe, hxxp://iframebiz.biz/dl/adv443.hta, some sort of loaderadv443.jar, and hxxp://iframebiz.biz/dl/adv443/x.chm.

It looks like a bundle of malicious software trying to exploit a variety of vulnerabilities (old and new). Apparently this isn’t a new way of getting these installed: they found that 9 DNS names have been used in the last week. traffsale.biz, iframesite.biz, iframetraff.biz, toolbartraff.biz, buytraff.biz, iframecash.biz, toolbarurl.biz, iframebiz.biz and toolbarbiz.biz have all been used by a machine at 81.9.5.10.

They’ve tried contacting the ISP and for fun infected a VMware virtual machine. More than 50 files were pulled down from all over.

Not that Firefox is invincible, but most exploits in the wild affect unpatched Internet Explorer vulnerabilities, which is why I usually recommend Firefox.


Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

2 Comments

  1. Danger
    ― December 2, 2005 - 2:59 pm

    How are they being injected into website files?

  2. Administrator
    ― December 2, 2005 - 4:43 pm

    It's simple: the website owner inserts code with the exploit into a page.
    For example: <iframe src=/path/to/exploit width=0 height=0></iframe>
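
A site owner or responder can check served pages for this kind of injection. The following is an added example, not part of the original post or its comments: it flags iframes that are zero-sized, hidden by inline style, or that point at one of the nine domains named in the post. The function names, the hidden-style heuristic and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# The nine DNS names listed in the post above.
LISTED_DOMAINS = set((
    "traffsale.biz iframesite.biz iframetraff.biz toolbartraff.biz buytraff.biz "
    "iframecash.biz toolbarurl.biz iframebiz.biz toolbarbiz.biz"
).split())
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*:\s*0(?![\d.])", re.I)

def _is_zero(value):  # True for size attributes such as "0", "0px" or "0%"
    try:
        return float((value or "").strip().lower().rstrip("px%")) == 0
    except ValueError:
        return False

class IframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        checks = {
            "zero-size": _is_zero(a.get("width")) or _is_zero(a.get("height")),
            "hidden-style": bool(HIDDEN_STYLE.search(a.get("style", ""))),
            "listed-domain": any(host == d or host.endswith("." + d) for d in LISTED_DOMAINS),
        }
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            self.findings.append((self.getpos()[0], src, reasons))

def scan_html(text):
    finder = IframeFinder()
    finder.feed(text)
    finder.close()
    return finder.findings

# Constructed sample page: one ordinary iframe, then two injected ones.
SAMPLE = """<p>Welcome</p>
<iframe src="/widgets/map.html" width="400" height="300"></iframe>
<iframe src=/path/to/exploit width=0 height=0></iframe>
<iframe src="hxxp://iframebiz.biz/dl/adv443.php" style="display:none"></iframe>"""
```

`scan_html(SAMPLE)` reports lines 3 and 4 and leaves the visible map iframe alone. A finding on a page nobody on the team edited is a lead to follow up, not proof of compromise on its own.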
