• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Exploits & Vulnerabilities › Malicious .biz site and browser vulnerabilities

Malicious .biz site and browser vulnerabilities

Myantispyware team November 20, 2005     2 Comments    

A user visited a webpage and got redirected to hxxp://iframebiz.biz/dl/adv443.php (tt changed to xx to protect anyone from getting there…)

Among other things… the page was obfuscated and many malicious bits of software loaded through javascript…. such as hxxp://iframebiz.biz/dl/adv443/sploit.anr and hxxp://iframebiz.biz/dl/loadadv443.exe and hxxp://iframebiz.biz/dl/adv443.hta and some sort of loaderadv443.jar and… http://iframebiz.biz/dl/adv443/x.chm

It looks like a bunch of malicious software trying to exploit a variety of vulnerabilities (old and new). Apparently this isn’t a new way of getting these installed (they found 9 DNS names have been used in the last week) – traffsale.biz iframesite.biz iframetraff.biz toolbartraff.biz buytraff.biz iframecash.biz toolbarurl.biz iframebiz.biz and toolbarbiz.biz all have been used by an machine at 81.9.5.10

They’ve tried contacting the ISP and for fun infected a VMware virtual machine. More than 50 files were pulled down from all over.

Not that Firefox is invincible, but … most exploits in the wild affect unpatched Internet Explorer vulnerabilities which is why I usually recommend Firefox…

Exploits & Vulnerabilities

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

2 Comments

  1. Danger
    ― December 2, 2005 - 2:59 pm  Reply

    How are they being injected into website files?

  2. Administrator
    ― December 2, 2005 - 4:43 pm  Reply

    It`s simple, owner website insert code with exploit to a page.
    For example: < iframe src=/path/to/expoloit width=0 height=0 >< /iframe >

Leave a Reply Cancel reply




New Guides

Newsstroy.cc
How to remove Newsstroy.cc pop-ups (Virus removal guide)
SearchConverterApp
How to uninstall SearchConverterApp from Chrome, Firefox, IE, Edge
click allow popup
How to remove News-central.me pop-ups (Virus removal guide)
Secureblogcn.com scam
Secureblogcn.com POP-UP SCAM (Virus removal guide)
Pyiera.com
How to remove Pyiera.com pop-ups (Virus removal guide)

Follow Us

Search

Useful Guides

How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]
How to reset Mozilla Firefox (Updated Apr. 2018)
DNSChanger
How to remove DNSChanger malware virus [Updated Apr. 2018]
ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
How to reset Google Chrome settings to default

Recent Posts

Protecting kids from spyware, adware and malware
How to show hidden files in Windows
Lock down your browser
IE-SPYAD: Restricted Sites List for Internet Explorer
Here’s how to use the HOST file to block ads

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2020 My AntiSpyware - Free antispyware programs and Spyware Removal Instructions.