1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Malicious Toolkit Iframe Injection

Web Attack: Malicious Toolkit Iframe Injection

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a mass injection attack which may redirect to a malicious website that can compromise the target computer.

Additional Information

Web sites have been hit by a mass-compromise attack that injects malware into pages and redirects victims to a site that will then try to download Trojans and keylogger code.

If a user visits one of the infected sites, they are redirected through a series of different sites owned by the attacker and brought to the final landing page containing the exploit code . The final landing page records the visitor's IP address. When visited for the first time, the user is directed to the exploit payload site. But when visited again from the same IP address, the user is directed to the benign site of ask.com.

Affected

  • osCommerce osCommerce 2.1

Response

No further action is required but you may wish to perform some of the following actions as a precautionary measure.
Run the Norton Power Eraser. (home users)
Run the Symantec Power Eraser. (business users)
Update your product definitions and perform a full system scan.
Submit suspicious files to Symantec for analysis.

If you believe that the signature is reported erroneously, please read the following:
Report a potential false positive to Symantec.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube