  1. #1
    artcoder

    What is potential damage to user viewing a malicious PHP script?

    A hacker had placed a malicious PHP script in some URL location and I had been tricked into viewing that URL location on my browser, what is the potential damage from viewing that PHP? I have latest anti-virus installed on my PC.

    The way that they tricked me into viewing that malicious PHP script is that the hacker hacked into a trusted site and had placed a hidden iframe in the trusted site. The src of the iframe was to a malicious site that was flagged by McAfee as dangerous. So when I went to the trusted site, the malicious PHP script had been invoked. My question is what is the potential damage to me? And is there a way to know what that malicious PHP is trying to do? What is their objective when they do this?

  2. #2
    Dan Grossman
    The objective is normally to exploit a known vulnerability in some browser versions to get software onto your computer. There are too many old vulnerabilities to list... in Acrobat if they embedded a PDF, in old versions of Internet Explorer if they embedded an ActiveX control, in Flash if they embedded a movie...

    The software payload could be anything -- a keylogger, remote control software, adware...

    The only way to really know is to pick apart whatever that iframe pointed to.

  3. #3
    artcoder
    How can I examine the iframe source without becoming compromised? If I have the latest anti-virus, I should be okay to browse to the iframe source, correct?

    Will browsing to the iframe source via a web proxy such as proxify.com keep me safe?

  4. #4
    Dan Grossman
    Do it in a virtual PC.

