Attackers are once again injecting malicious IFRAMEs into Web pages in an effort to exploit weaknesses in ActiveX controls.
According to researchers at McAfee Avert Labs, the attack "involves injection of script into valid Web page to include a reference to a malicious \[javascript\]. The \[script inserts\] an IFRAME \[in the Web page\], which loads an HTML file that attempts to exploit several vulnerabilities."
McAfee said the exploit attempts to attack Windows systems that don't have Microsoft's MS06-014 patch installed, as well as ActiveX controls for RealPlayer, Baofang Storm, Xunlei Thunder DapPlayer, and Ourgame GL World Globalink Chat. Microsoft's patch corrects a serious problem in Microsoft Data Access Components (MDAC), which could allow the execution of arbitrary code.
The attack uses a cascading effect in which Web pages are loaded into the IFRAME in succession and eventually an executable file is launched. McAfee estimates that so far over 10,000 sites have become portals of this particular attack.
