1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What is HEUR:Trojan.Script.Iframer?

Discussion in 'BlackHat Lounge' started by ak2ae, Apr 2, 2009.

  1. ak2ae

    ak2ae Junior Member

    Joined:
    Jul 20, 2008
    Messages:
    168
    Likes Received:
    78
    Location:
    London, UK
    I've been seeing this like mad when I visit certain sites with both avast and karpersky blocking sites its on, now its on one of my sites as well. Anybody else get this or is is just me
     
  2. ultimatium1

    ultimatium1 Junior Member

    Joined:
    Oct 10, 2008
    Messages:
    107
    Likes Received:
    19
    this trojan is a C***
    Kaspersky mite warn u about it, But when its on ur PC, Kaspersky cant get it off.

    I think I had to wipe clean after this trojan
     
  3. ak2ae

    ak2ae Junior Member

    Joined:
    Jul 20, 2008
    Messages:
    168
    Likes Received:
    78
    Location:
    London, UK
    ok update did a little research seems to effect pages with iframes and f forum with avatars. I just removed the cookie stuffing code from my site and it loads fine now I was getting this with warezbb first about a week ago. It seems antivirus' are combating iframe cookie stuffing pages on sites.
     
    Last edited: Apr 2, 2009
  4. mrwho

    mrwho Junior Member

    Joined:
    Apr 3, 2008
    Messages:
    122
    Likes Received:
    39
    Yea a few months ago Kaspersky released a new heuristic detection mechanism for malicious scripts so there may be false positives and/or increased detection.

    there's a conversation going on about it in the Kaspersky forums which can be found here
    Code:
    hxxp://forum.kaspersky.com/index.php?showtopic=100452&st=20
     
    Last edited: Apr 2, 2009