TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
HTML_IFRAME.IY
Overview
Solution

Malware type: Html

Aliases: Trojan-Downloader.HTML.IFrame.dx (Kaspersky), HTML/Infected.WebPage.Gen (Avira), Mal/Iframe-A (Sophos), Exploit:HTML/IframeRef.gen (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 Medium

Distribution potential:

 Medium

Description: 

Trend Micro threat researchers post findings and analyses on various threats in real-time at the Malware Blog. Users can find more information about this specific threat here.

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

HTML_IFRAME.IY Behavior Diagram

Malware Overview

This malicious HTML is the Trend Micro detection for Web pages that are compromised through the insertion of a certain iFrame tag. It may be hosted on a Web site and run when a user accesses the said Web site. Once an unsuspecting user visits an affected Web page, it connects to a certain URL.

The said Web page also has an iFrame in it that connects to another Web page, which in turn connects through another iFrame to several Web pages to download malicious files detected by Trend Micro as JS_AGENT.AXX, JS_REALPLAY.AA, and WORM_SILLY.GI.

As a result, routines of the downloaded malicious files are also exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jan. 17, 2008 10:44:25 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.