Previous
Malware authors exploit Microsoft's monthly cycles
News The creators of the Bofra worm, which exploits the recently discovered IFRAME vulnerability in Internet Explorer, may have timed the release of their worm to throw Microsoft's monthly patch cycle into disarray, say security experts.
[November 10, 2004, 10:18]
Bofra exploit ticks away at Microsoft
News After more than two weeks of investigating the IFRAME Bofra exploit, Microsoft has yet to announce when it will be able to fix the problem. In a prepared email statement from the company, a spokesperson said: "Microsoft is actively investigating...
[November 26, 2004, 11:30]
Trend Micro sites hacked in global web attack
News It was an iFrame-injection attack, which redirected users to a malicious site," said Rand. Rand added that none of Trend Micro's customers would have been affected by visiting the company's sites, as the vendor detects iFrame attacks.
[March 14, 2008, 14:29]
Hackers launch Bofra banner ad attacks
News Hackers have already attacked several European Web sites using the as yet un-patched IFRAME exploit, otherwise known as Bofra, in Internet Explorer 6.0. The Storm Center received a report of a high profile UK Web site that contains a pointer on...
[November 22, 2004, 14:05]
IE flaw danger increases as exploit code released
News The Iframe flaw is the latest in a series of security issues related to Internet Explorer. Microsoft has begun to investigate the Iframe vulnerability and has not been made aware of any program designed to exploit the flaw, the company said in an...
[November 5, 2004, 7:23]
MSN Korea hacked
News Early investigation has shown that the attackers placed an additional frame on the Web site, a so-called IFRAME, Sohn said. The IE Elements flaw, also known as the IFRAME vulnerability, could allow an attacker to take control of a victim's PC.
[June 3, 2005, 9:25]
Web-borne security threats soar
News Approximately half of the infected websites contained code that the security company calls "Mal/Iframe". Mal/Iframe opens a tiny window, often measuring one pixel by one pixel, through which other malicious content which seeks to exploit web...
[July 25, 2007, 13:33]
Vendor warns of 'Chinese' website attacks
News When a user visits a compromised page, their browser is redirected via SQL injection to another page, which in turn loads a second iframe. That iframe loads a script that assesses the victim computer for various vulnerabilities, including a memory...
[May 20, 2008, 16:54]
Infamous Russian malware gang vanishes
News MPack [packer kit] and its IcePack add-on are being offered, as well as Iframe exploits. MPack is a PHP-based malware kit that allows its developers to sell modules of malicious code, while Iframe malware targets browsers by attacking...
[November 9, 2007, 17:08]
Sophos spots return of 'old-timer' email worm
News Mal/Iframe once again topped the chart this month, accounting for more than two-thirds of all infected web pages found in November, at 69.6 percent. Web pages hosted in China continue to be plagued by Mal/Iframe, and overall the country hosted more...
[December 5, 2007, 15:17]
Hundreds of sites infected with dynamic malware
News Compromised sites in the past have predominantly had static iframe code pointing to malicious sites, served by a host. This makes it relatively easy to detect which hosts are infected, said ScanSafe, as a search on the contents of the HTML iframe...
[January 18, 2008, 15:58]
Microsoft patches Bofra
News The vulnerability, dubbed the Internet Explorer Elements flaw by Microsoft, is also known as the IFRAME vulnerability, or Bofra exploit. Microsoft published a patch for Internet Explorer on Wednesday, aiming to close a month-old hole that has been...
[December 2, 2004, 7:15]
Government says Finnish with IE 6
News The Bofra exploit - also known as the IFRAME exploit - was used this week to infect computers through banner ads. A government agency in Finland is urging the country's citizens to avoid use of Internet Explorer until Microsoft has patched the...
[November 26, 2004, 12:35]
Microsoft complains about 'irresponsible' security revelation
News With some additional research from others in the community, it came to light that the IFRAME flaw was causing the crash. Microsoft has slammed the people responsible for publishing details of the vulnerability that has lead to the creation of the...
[November 10, 2004, 11:28]
Hackers launch Bofra banner ad attacks
Talkback What's worse, actually, is that users needn't even click the ad to get exploited - the IFRAME attack could hit users that just *viewed* the advertisement. Scary.
[November 28, 2004, 0:56]
Gartner: Beware of Bofra exploit
News Analyst firm Gartner has predicted that attacks using the Bofra (buffer overflow frame exploit) or IFRAME exploit will become more common, especially around systems with sloppy patching. Hackers are set to increase their use of banner ad exploits...
[November 25, 2004, 15:50]
Alert over 'extremely critical' Firefox flaws
News One flaw involves "IFRAME" JavaScript URLs, which are not properly protected from being executed in the context of another URL in the history list. Two vulnerabilities in the popular Firefox browser have been rated "extremely critical" because...
[May 9, 2005, 17:30]
Web-based malware on legit sites soars
News Techniques to compromise websites, including Iframe and SQL injection attacks, are becoming more ubiquitous, ScanSafe warned. The amount of web-based malware on legitimate sites has increased by over 400 percent since last year, according to...
[June 5, 2008, 17:30]
Symantec: Evolved Storm worm attack brewing
News The two possible avenues of attack are spam with links to the as-yet-unlinked-to fast-flux sites or injecting malicious iFrame tags into legitimate websites, which would download malware onto users' machines, warned Symantec.
[May 6, 2008, 15:22]
Just how safe is Outlook 2002?
News Among the issues Smith called critical is the ability for an email that includes a special HTML tag, known as an IFRAME, to run an attached program. Internet privacy researcher Richard Smith released on Thursday a list of four issues that continue...
[March 22, 2002, 9:22]
