Results 1 to 7 of 7

Thread: Trojan-Clicker.HTML.IFrame

  1. #1
    grumpyoldman Guest

    Default Trojan-Clicker.HTML.IFrame



    Hello, can anyone advise me please?

    I picked up Trojan-Clicker.HTML.IFrame.9v, ZA seemed to pick it up soon after it arrived as a scan was not scheduled for that time.

    I wondered if there is any way to identify which site delivered it, I was looking for footstools, I saw a couple I liked but I m now reluctant to return to any of them.

    A search showed a similar question (6-4-2008 Thread 3945) but the poster was using Firefox I use Internet Explorer 7.0 5730 11 so assume the solution didn t apply.

    Like the last poster I have since cleaned the cache so may well have lost any trace.

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Trojan-Clicker.HTML.IFrame

    If the html file is deleted by the cleaning of the browser's cache, then it is too late.
    If the file was still there, it could be read and the site or the files pointed to could be seen.

    Myself I use webwasher classic and privoxy- both log all files for the browser so I do have complete records, but still the actual file would have to read and the included iframe file/locations would then point to the possible bad site or involved bad files or what the possible threat relly was all about in the first place.
    Usually if the resident scanner kicks in and say the file in the browser's cache is malicious, I comply and let it delete the file.

    Oldsod.
    Best regards.
    oldsod

  3. #3
    grumpyoldman Guest

    Default Re: Trojan-Clicker.HTML.IFrame



    Hi Oldsod,

    Thanks for your for your reply, I don t have either of the programmes you mentioned.

    As you say, I seem to have destroyed the evidence by cleaning the cache.

    If it happens again how would I go about tracking down the offending site, before cleaning up any temporary files please?

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Trojan-Clicker.HTML.IFrame

    Actually you do not really either of those programs to prevent or stop IFrame exploits - the ZA Privacy can stop it just as easiy if it is set to filter javascripts, vbs and mime.
    The IE can block iframes and frames if configured in it's Tools.

    First find the exact html in the browser cache as defined by the antivirus full time scanner.
    Open the html with the notepad, not the browser.

    Look for the iframe tags in that page.

    http://www.w3schools.com/TAGS/tag_iframe.asp

    http://en.wikipedia.org/wiki/IFrame

    Then look for either the incorrect sourrce url in the code or that is the correct url and it is the link to the malicious server or file.
    Invisible IFrames will usually include dimensions that are similar to webug sizes (1x1, 1x2, 2x1, 1x100, etc), but still linked back to a Url or a specific file of a server.

    If the browser did manage to download the malicious file, it still will be located in the browser's cache.
    The malicious file could be a javascript or a MIME (MHTML) or vbs file for images/media or the page's usual content or perhaps a banner ad or even an ad on the page. Or a regular and safe image/media that has been hacked to make viewers connect to the malicious site. Or using a url withinthe html file with the src or img tags pointing to the maliiocus server.

    Lots of work to find the bad code in the files of the browser.
    Easier to block the different kinds of javascripts/vbs/MIME in the firewall or in the browser (a long with blocking the iframes) than do afterwards a lot of tracing.

    Oldsod.

    Message Edited by Oldsod on 07-02-2008 04:45 PM
    Best regards.
    oldsod

  5. #5
    grumpyoldman Guest

    Default Re: Trojan-Clicker.HTML.IFrame



    Thanks for the information Oldsod.

    Your post got me to have a look at my privacy settings and as a result I found that some things, like third party cookies that I thought were blocked, were not. I will look at filtering as you suggest.

    Many thanks again for your help.

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Trojan-Clicker.HTML.IFrame

    You are welcome.
    Oldsod.
    Best regards.
    oldsod

  7. #7
    riceorony Guest

    Default Re: Trojan-Clicker.HTML.IFrame

    Grumpy,
    It kinda stinks that we both had the same problem just looking at regular stuff, you a stool and me some classes and products.
    Hope things are fixed

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •