Hackers getting the bang for their buck – Malware sites with multiple iFrame exploits

Malware sites that infect a user's system are commonplace. Attackers compromise a legitimate website and then use a variety of methods (including iFrames) in an attempt to exploit applications on users' systems.

In most traditional attacks of this type, the compromised website would launch a single iFrame with a single exploit. Today, Websense announced a compromised website that was found to have many iFrame windows, each attempting to exploit a different application-level vulnerability. The exploits were:

VMLRender exploit (MS07-004)

2007 WinZip FileView ActiveX CreateNewFolderFromName method exploit (CVE-2006-6884)

Apple QuickTime RTSP exploit (CVE-2007-0015)

MS Internet Explorer WebViewFolderIcon exploit (CVE-2006-3730)

Internet Explorer (MDAC) Remote Code Execution exploit (MS06-014)

Adobe Reader PDF exploit (CVE-2007-5659)

These are some of the most critical and easy-to-exploit application vulnerabilities. While most are a year or two old, they are still quite effective because of the lack of timely patching, particularly of third-party apps. A post at www.atthebreach.com discusses a finding in a Verizon study regarding patch availability at the time of the breach. All of these exploits have patches, but attackers still find it valuable to use them to exploit systems.

The interesting element to this particular attack as reported by Websense is how a single website (really a single home page) was used to try to exploit all of these vulnerabilities, not just one.  Hackers (like everyone else) are just trying to get the most bang for their buck.

Web content filtering is still one of the best technologies for preventing your users from being exploited.
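The pattern described above, one home page carrying several iFrames that each load different content, is something a content filter or a site-integrity monitor can check for. The following Python is an added example, not code from Websense or this post; the hidden-frame heuristics, the `max_offsite` threshold and the sample page on reserved example domains are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import re

# Constructed sample page (reserved example domains), not taken from the Websense report.
SAMPLE = """<html><body><h1>Welcome</h1>
<iframe src="/news.html" width="600" height="400"></iframe>
<iframe src="http://a.example.net/1" width="0" height="0"></iframe>
<iframe src="http://b.example.net/2" style="display:none"></iframe>
<iframe src="http://c.example.org/3" width="1" height="1"></iframe>
</body></html>"""

# Assumed heuristic: inline styles that make a frame invisible to the visitor.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> tag in a document."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append({k: (v or "") for k, v in attrs})

def is_hidden(frame):
    """True if width or height is 0 or 1, or the inline style hides the frame."""
    dims = (frame.get(d, "").strip().rstrip("px") for d in ("width", "height"))
    tiny = any(value in ("0", "1") for value in dims)
    return tiny or bool(HIDDEN_STYLE.search(frame.get("style", "")))

def audit_page(page_url, html, max_offsite=1):
    """Flag a page with more off-site iframes than expected, or any hidden off-site one."""
    collector = IframeCollector()
    collector.feed(html)
    site = urlparse(page_url).hostname
    offsite, hidden = [], []
    for frame in collector.frames:
        target = urljoin(page_url, frame.get("src", ""))  # resolve relative src
        host = urlparse(target).hostname
        if host and host != site:
            offsite.append(target)
            if is_hidden(frame):
                hidden.append(target)
    return {"offsite": offsite, "hidden": hidden,
            "suspicious": len(offsite) > max_offsite or bool(hidden)}

if __name__ == "__main__":
    print(audit_page("http://www.example.com/", SAMPLE))
```

Run against your own pages on a schedule, a change in the `offsite` list between two scans is the signal worth alerting on, since legitimate embeds rarely change without a deployment.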

