JS_IFRAME.HBA

Posted: March 29, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 0
First Seen: March 29, 2012
OS(es) Affected: Windows

JS_IFRAME.HBA is a malicious script that exploits Flash to install the Russian Trojan Sinowal onto the target PC. Because JS_IFRAME.HBA was recently expunged from the legitimate news site nu.nl, the SpywareRemove.com malware research team advises any recent visitors to that site to consider scanning their PCs with suitable diagnostic software. JS_IFRAME.HBA-distributed Sinowal Trojans are noted for their ability to target and steal personal information, especially bank-related information, so you may also want to contact your bank to prevent any chance of future attacks against your bank account. However, JS_IFRAME.HBA may also be used in other attacks, and you should use a twofold solution of both strong browser security and competent anti-malware software to keep your PC safe from JS_IFRAME.HBA attacks from any source.

How a Little News Can Turn into JS_IFRAME.HBA Attack

JS_IFRAME.HBA was recently inserted into nu.nl as a hidden attack on an otherwise legitimate and safe website, although nu.nl's webmasters have since reported that the JS_IFRAME.HBA code has been removed (as of late March 29th, 2012). JS_IFRAME.HBA is rated as a low-risk threat due to its limitations, with a payload that's strictly limited to redirecting you to another (typically harmful) site. However, because JS_IFRAME.HBA uses obfuscation techniques to evade detection and can redirect you to extremely dangerous PC threat-hosting sites, SpywareRemove.com malware researchers recommend that you take any possibility of a JS_IFRAME.HBA attack very seriously.

This latest JS_IFRAME.HBA attack is just the first of several steps against your PC. In its nu.nl form, JS_IFRAME.HBA was used to redirect victims to a second script that downloaded a Nuclear Pack exploit kit (which is identified as JS_BLACOLE.HBA). The Nuclear Pack, in turn, installs TROJ_SMOKE.JH, which finally installs the ultimate payload: the Sinowal banking Trojan (detected as TROJ_SINOWAL.SMF or Trojan-PSW:W32/Sinowal.CP). In spite of the complexity of this attack process, symptoms of the attack can be considered negligible, and SpywareRemove.com malware experts note that Sinowal Trojans, in particular, are difficult to detect without appropriate security programs. The Sinowal Trojan itself may also be used to install other PC threats, including rootkits, although its primary functions are its bank information-stealing capabilities.

Fending Off JS_IFRAME.HBA's Forays into Your Bank Account

Since JS_IFRAME.HBA attacks can result in the installation of Trojans that specifically target your bank account information, a canny response to a potential JS_IFRAME.HBA-related infection will include contacting your bank to ensure that any stolen information isn't used to break into your account. However, JS_IFRAME.HBA-related PC threats may also install other forms of harmful software or utilize other types of attacks besides stealing financial information. This broad range of potential risks leads SpywareRemove.com malware researchers to recommend that you make removing any PC threats that could be installed by JS_IFRAME.HBA a top priority for ensuring your computer's safety.

Since JS_IFRAME.HBA's attack against nu.nl was both recent and confirmed to use code-concealing techniques, you should also strongly consider using updated anti-malware programs that can detect recent variants of JS_IFRAME.HBA without trouble. Ultimately, this software may be the only thing that stands between you and a successful JS_IFRAME.HBA attack, given that JS_IFRAME.HBA has a history of being inserted into the code of otherwise trustworthy sites.
