An IFrame (which isn't another Apple product - it stands for "inline frame") is just a way of loading one web page inside another, usually from a different server.
Malware writers can make the included page just one pixel square and obfuscate javascript which will run automatically.
Frame code would be inserted by hacking web servers, or adding it to banner advertisements.
Big websites often cache (store) the results of search queries run on their sites - say, the links for a search for "malware IFrame" - and then forward these to search engines such as Google, which can generate search results directly. Malware authors exploit the system by putting in a search query like "malware IFrame" plus all the malicious IFrame's text. If the site doesn't check search terms adequately for obfuscated Javascript, the IFrame data is stored and passed on. When someone then searches for "malware IFrame" and clicks a result, the attack is initiated directly from the search result, because the browser can read the obfuscated Javascript - even if you can't.
Malware distributors like this because they don't need to hack the server, and can use popular searches to benefit from the site's SEO (search engine optimisation) practices and get a high ranking at Google. The attack usually includes half a dozen "drive-by" exploits, and also uses "social engineering" to get users to install something else, such as a video codec that is actually a Trojan. (Source)
Malware writers can make the included page just one pixel square and obfuscate javascript which will run automatically.
Frame code would be inserted by hacking web servers, or adding it to banner advertisements.
Big websites often cache (store) the results of search queries run on their sites - say, the links for a search for "malware IFrame" - and then forward these to search engines such as Google, which can generate search results directly. Malware authors exploit the system by putting in a search query like "malware IFrame" plus all the malicious IFrame's text. If the site doesn't check search terms adequately for obfuscated Javascript, the IFrame data is stored and passed on. When someone then searches for "malware IFrame" and clicks a result, the attack is initiated directly from the search result, because the browser can read the obfuscated Javascript - even if you can't.
Malware distributors like this because they don't need to hack the server, and can use popular searches to benefit from the site's SEO (search engine optimisation) practices and get a high ranking at Google. The attack usually includes half a dozen "drive-by" exploits, and also uses "social engineering" to get users to install something else, such as a video codec that is actually a Trojan. (Source)
Comments
http://office-phone-system-primer.blogspot.com/