Content

Suspicious IFrame.e

Type
Virus
SubType
Damaged
Discovery Date
07/18/2008
Length
Varies
Minimum DAT
5342 (07/18/2008)
Updated DAT
5342 (07/18/2008)
Minimum Engine
5.2.00
Description Added
07/18/2008
Description Modified
08/26/2008 1:40 AM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

The GIF files detected are infected incorrectly by a virus. The misinfected GIF files, may continue to function as normal or may try to run the virus without any effect. In some cases the misinfected file may be entirely unusable, having been corrupted by the virus.

Such misinfected files, contain an appended HTML IFRAME (inline-frame) tag such as the one below:

  • iframe src=http://example.com width=0 height=0 /iframe

Symptoms

  • Increased size of GIF file
  •  Presence of IFRAME tags appended to GIF files

Method of Infection

Misinfected files cannot spread from one machine to another, however, the virus that was responsible for the misinfection could.

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

Variants

Variants

    N/A

All Information

Overview -

This detection is for misinfected GIF files, which contain an IFRAME tag added at the end of the file.

A misinfected file is one that a virus has attempted to infect, but has not done so in the way in which the virus writer intended.

Characteristics

Characteristics -

The GIF files detected are infected incorrectly by a virus. The misinfected GIF files, may continue to function as normal or may try to run the virus without any effect. In some cases the misinfected file may be entirely unusable, having been corrupted by the virus.

Such misinfected files, contain an appended HTML IFRAME (inline-frame) tag such as the one below:

  • iframe src=http://example.com width=0 height=0 /iframe

Symptoms

Symptoms -

  • Increased size of GIF file
  •  Presence of IFRAME tags appended to GIF files

Method of Infection

Method of Infection -

Misinfected files cannot spread from one machine to another, however, the virus that was responsible for the misinfection could.

Removal -

Removal -

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

Variants

Variants -

    N/A