Exploit:HTML/IframeRef.V

Exploit:HTML/IframeRef.V is a detection for specially-formed IFrame tags that point to remote websites containing malicious content, for example malicious JavaScript containing an exploit for a specific vulnerability.

This exploit requires that a user view or visit the affected websites or open a malicious HTML page for the redirection to occur. It may also be found embedded in crafted email messages sent from an attacker.

In the wild, examples of Exploit:HTML/IframeRef.V redirect browsers to certain URLs within certain domains. Some of these domains are:

• 195.80.151.171
• 2d7d.co.cc
• americanmobile.ca
• andrewchen.us
• bilan.ipq.co
• castload.com
• fargomatorzsa.com
• gt32.co.cc
• gtje5.gv.vg
• locumresources.com
• mariacallas.us
• midsouthrailroadservice.com
• pfgpqerghas.co.cc
• studieshordew.com
• testosploitron.cx.cc
• uxqt.co.cc

Analysis by Marian Radu