Signature Detail
Short Name |
HTTP:STC:HIDDEN-IFRAME-2 |
|---|---|
Severity |
Critical |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Malicious IFRAME injection malware drive-by Blackhole |
Release Date |
2013/01/22 |
Update Number |
2226 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Hidden IFrame Injection Javascript
This signature detects Javascript attempting to inject a potentially hostile IFrame into a webpage. Such activity is extremely common for current drive-by infection websites. These kinds of attacks take normally safe and trusted websites and append malicious content to them, making them very difficult to detect. This particular technique is currently in use by the Blackhole botnet.
References