My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Malicious .biz site and browser vulnerabilities

Myantispyware team, November 20, 2005

A user visited a webpage and was redirected to hxxp://iframebiz.biz/dl/adv443.php (tt changed to xx so that nobody ends up there by accident).

Among other things, the page was obfuscated and loaded many malicious pieces of software through JavaScript, such as hxxp://iframebiz.biz/dl/adv443/sploit.anr, hxxp://iframebiz.biz/dl/loadadv443.exe, hxxp://iframebiz.biz/dl/adv443.hta, some sort of loaderadv443.jar, and hxxp://iframebiz.biz/dl/adv443/x.chm.

It looks like a bunch of malicious software trying to exploit a variety of vulnerabilities (old and new). Apparently this isn't a new way of getting these installed: they found that 9 DNS names have been used in the last week. traffsale.biz, iframesite.biz, iframetraff.biz, toolbartraff.biz, buytraff.biz, iframecash.biz, toolbarurl.biz, iframebiz.biz and toolbarbiz.biz have all been used by a machine at 81.9.5.10.

They’ve tried contacting the ISP and for fun infected a VMware virtual machine. More than 50 files were pulled down from all over.

Not that Firefox is invincible, but most exploits in the wild affect unpatched Internet Explorer vulnerabilities, which is why I usually recommend Firefox.

2 Comments

  1. Danger
    ― December 2, 2005 - 2:59 pm

    How are they being injected into website files?

  2. Administrator
    ― December 2, 2005 - 4:43 pm

    It's simple: the website owner inserts code with the exploit into a page.
    For example: <iframe src=/path/to/exploit width=0 height=0></iframe>
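
A defender's check for the hidden-iframe pattern described in the comment above, as an added example that is not part of the original post or its comments: it parses a page and reports iframes that are zero-sized, hidden by CSS, or that point at one of the nine domains the post lists. The names audit_html and IframeAudit, the reason labels, and the sample page are assumptions made for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# The nine domains the post lists as having served these pages.
POST_DOMAINS = {
    "traffsale.biz", "iframesite.biz", "iframetraff.biz", "toolbartraff.biz",
    "buytraff.biz", "iframecash.biz", "toolbarurl.biz", "iframebiz.biz",
    "toolbarbiz.biz",
}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def tiny(value):
    """True when a width/height attribute is 0 or 1 ('0', '1px', '0%')."""
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1

class IframeAudit(HTMLParser):  # collects (src, reasons) per suspicious iframe
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # the parser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if tiny(a.get("width")) or tiny(a.get("height")):
            reasons.append("zero-size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("css-hidden")
        if any(host == d or host.endswith("." + d) for d in POST_DOMAINS):
            reasons.append("listed-domain")
        if reasons:
            self.findings.append((src, reasons))

def audit_html(text):
    parser = IframeAudit()
    parser.feed(text)
    parser.close()
    return parser.findings

# Constructed sample page (scheme defanged as in the post; host parsing is unaffected).
SAMPLE = """<html><body>
<iframe src="https://maps.example.org/embed" width="600" height="400"></iframe>
<iframe src=/path/to/exploit width=0 height=0></iframe>
<IFRAME SRC="hxxp://iframebiz.biz/dl/adv443.php" style="display:none"></IFRAME>
</body></html>"""
```

Calling audit_html(SAMPLE) returns the second and third iframes and leaves the visible, legitimately sized embed alone.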
