Another IFrame VML exploit

Following up on a SunBelt blog post … I noticed the site mentioned wasn’t really the problem but the IFrame exploit contained on the page, which produces a Information Bar pop-up in IE7

In researching this culprit I found that the same exploit is being served up on several other sites. 2 of which were discoved by the Microsoft Search Defender project as seen here … in the first two examples these sites now contain the same IFrame exploit. I suspect these servers have been hacked since Microsoft reviewed them and the IFrame injected.

These culprit sites will be included in the next HOSTS file update … as the IFrame page was scanned at VirusTotal and was only detected by AntiVir as: EXP/HTML.VML.Gen

Leave a Reply