Re: iframe tag attack

On 6/19/07, Doyle, Bill <wdoyle@mitre.org> wrote:
>
>  This enterprising company seems to have improved productivity.
>
> New Web Exploit at 10,000 Machines and Growing, Security Company Warns
>
> Seems to be a user agent issue, is this in or out of scope?
>

If we unpack the attack, this question might be easier to answer:
1) Attacker compromises a web server using malware
2) User visits a legitimate, but compromised, website that includes
a malicious iframe
3) The iframe causes the browser to be redirected to a site with malicious
JavaScript
4) The malicious JavaScript detects the browser type and exploits browser
vulnerabilities to download code, which then downloads other code
(keyloggers, proxy, etc.)

We have ruled 1 out of scope.  How about the rest?

I am hoping that we can use our list of attacks (i.e., the threat trees) to
come to a better understanding of what is in and out of scope.

Rachna

Received on Wednesday, 20 June 2007 05:42:57 UTC